PT-2026-37146

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description An issue exists where the Role::stopMembership function fails to verify if removing a user from the administrator role leaves the system with zero administrators. While the deprecated...

CVE-2026-3611

The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest level 100 context, granting read/write...

CVE-2025-64102

CVE-2025-64102 affects Zitadel, allowing online brute-force attacks on OTP, TOTP and passwords in multiple branches prior to fixed releases. Public details specify vulnerable ranges: 4.x up to 4.4.x, 3.x up to 3.4.2 (RCs included), and 2.x up to 2.71.17, with fixes enforcing a lockout policy and ...

PYSEC-2024-29

OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an adm...

KNX Connection Authorization 安全漏洞

KNX Connection Authorization is a network security product from KNX Open Source. KNX Connection Authorization suffers from a security vulnerability that stems from the fact that it is easy to be locked out and that users cannot reset them to gain access to the device...