CVE-2026-28204

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVE-2026-28204 CTEK Chargeportal Insufficiently Protected Credentials

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVE-2026-33147

A flaw was found in GMT Generic Mapping Tools, an open-source collection of command-line tools. This vulnerability, a stack-based buffer overflow, occurs when a specially crafted long string is used as a dataset identifier. An attacker could exploit this to cause the application to crash or...

CVE-2026-32890

Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting XSS vulnerability in the web dashboard's User Mapping dropdown allows any unprivileged Discord user in the...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the Script View Templates. An attacker can access sensitive file contents outside of the intended directories by leveraging the Java scripting engine in template rendering. Note: This is only exploitable if the...

CVE-2026-32890

Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting XSS vulnerability in the web dashboard's User Mapping dropdown allows any unprivileged Discord user in the...

EUVD-2026-13501

Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting XSS vulnerability in the web dashboard's User Mapping dropdown allows any unprivileged Discord user in the...

CVE-2026-32890 Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltrate all secrets via /api/config

Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting XSS vulnerability in the web dashboard's User Mapping dropdown allows any unprivileged Discord user in the...

CVE-2026-32890 Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltrate all secrets via /api/config

Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting XSS vulnerability in the web dashboard's User Mapping dropdown allows any unprivileged Discord user in the...

CVE-2026-32890

Anchorr (Discord bot) has a stored XSS in the web dashboard (User Mapping dropdown) affecting versions ≤ 1.4.1. An unprivileged Discord user in the same guild can execute arbitrary JavaScript in the admin’s browser. Coupled with GET /api/config (which returns plaintext secrets), an attacker can e...

CVE-2026-32890 Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltrate all secrets via /api/config

Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting XSS vulnerability in the web dashboard's User Mapping dropdown allows any unprivileged Discord user in the...

PT-2026-26545

Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting XSS vulnerability in the web dashboard's User Mapping dropdown allows any unprivileged Discord user in the...

PT-2026-26695

CVE-2026-28204 Charging station authentication identifiers are publicly accessible via web-based mapping platforms. https://t.co/aldAqfvMsO...

Generic Mapping Tools 安全漏洞

The Generic Mapping Tools is an open-source set of geographic data mapping and processing tools. Versions of Generic Mapping Tools 6.6.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the gmtremotedatasetid function, which handles specially crafted long strings and...

IGL-Technologies eParking.fi 安全漏洞

IGL-Technologies eParking.fi is an intelligent parking platform provided by IGL-Technologies, offering features for parking management, charging, and parking space monitoring. IGL-Technologies eParking.fi has a security vulnerability, as the identity verification identifier of the charging statio...

Anchorr 安全漏洞

Anchorr is an open-source Discord bot developed by openVESSL that integrates media search and notifications. Versions of Anchorr 1.4.1 and earlier contain security vulnerabilities. These vulnerabilities stem from a storage cross-site scripting vulnerability in the Web dashboard user mapping...

PT-2026-26699

CVE-2026-31926 Charging station authentication identifiers are publicly accessible via web-based mapping platforms. https://t.co/dYBTlDrxSN...

f2fs: fix to avoid mapping wrong physical block for swapfile

...

EUVD-2026-12762

A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources...

CVE-2026-4366

CVE-2026-4366 affects Keycloak, where improper handling of HTTP redirects during specific client configuration requests allows an attacker to induce the server to reach internal/restricted resources. The impact described is potential information disclosure and the ability to map internal network ...