97 matches found

ATTACKERKB
added 2026/05/29 5:45 p.m. | 7 views

CVE-2026-44649

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User Authelia and X-Authentik-Username Authentik HTTP headers to...

CVSS 9.8 | AI score 5.8 | EPSS 0.00088
Exploits: 0 | References: 2 | Affected Software: 1

Imperva Blog
added 2026/05/06 6:28 p.m. | 5 views

Your Redis Server Looks Fine. That’s the Problem.

Introduction There’s an automated attack circulating right now that breaks into unprotected Redis servers, takes over the underlying machine, and then carefully puts everything back the way it found it. It restores the database filename. It deletes the tools it used. It detaches from the...

CVSS 10 | AI score 7.5 | EPSS 0.94398
Exploits: 8

Tenable Nessus
added 2026/03/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-32609

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on th...

CVSS 7.5 | AI score 5.8 | EPSS 0.00082
Exploits: 1 | References: 3

OSV
added 2026/03/16 4:35 p.m. | 4 views

GHSA-R297-P3V4-WP8M Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`

Summary In Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri field with embedded HTTP Basic credentials for downstream Glances servers, using t...

CVSS 9.1 | AI score 5.8 | EPSS 0.00103
Exploits: 1 | References: 5

CVE
added 2026/03/02 11:14 a.m. | 8 views

CVE-2025-30035

CVE-2025-30035 affects CGM CLININET: lack of API authentication allows generating a session for any user, enabling session takeover without a password. Root cause: missing auth on session creation. Impact is high across confidentiality, integrity, and availability (CVSS v4.0 base score 9.0; vecto...

CVSS 9 | AI score 6 | EPSS 0.00048
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/09 12:0 a.m. | 5 views

PT-2026-1854

Name of the Vulnerable Software and Affected Versions Vivotek IP7137 camera versions prior to firmware version 0200a Description The Vivotek IP7137 camera, with firmware version 0200a, does not require a password by default when logging in as an administrator. Although setting a password is...

CVSS 9.3 | AI score 6.5 | EPSS 0.00056
Exploits: 0 | References: 6

CNNVD
added 2026/01/09 12:0 a.m. | 2 views

Vivotek IP7137 Security Vulnerability

Vivotek IP7137 is an IP camera from China VIVOTEK Communications Vivotek. A security vulnerability exists in the Vivotek IP7137 version 0200a, which stems from the default situation where no password is required when logging in as administrator, which could lead to unauthorized access...

CVSS 9.8 | AI score 6.5 | EPSS 0.00056
Exploits: 0 | References: 1

OSV
added 2026/01/08 9:15 p.m. | 3 views

CVE-2025-68716

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 have the SSH service enabled by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. This allows any LAN-adjacent attacker to...

CVSS 8.4 | AI score 6 | EPSS 0.00006
Exploits: 0 | References: 3

NVD
added 2025/12/02 3:16 a.m. | 2 views

CVE-2024-45675

IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password...

CVSS 8.4 | EPSS 0.00011
Exploits: 0 | References: 1

EUVD
added 2025/12/02 2:0 a.m. | 5 views

EUVD-2024-55112

IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password...

CVSS 8.4 | AI score 5.9 | EPSS 0.00011
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/02 12:0 a.m. | 10 views

PT-2025-48707

Name of the Vulnerable Software and Affected Versions Entrust nShield Connect XC versions through 13.6.11 Entrust nShield 5c versions through 13.6.11 Entrust nShield HSMi versions through 13.6.11 Entrust nShield Connect XC version 13.7 Entrust nShield 5c version 13.7 Entrust nShield HSMi version...

CVSS 7.8 | AI score 7 | EPSS 0.00006
Exploits: 1 | References: 7

Vulnrichment
added 2025/12/02 12:0 a.m. | 3 views

CVE-2025-59704

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow an attacker to gain access to the BIOS menu because it has no password...

AI score 6.8 | EPSS 0.00006
Exploits: 1 | References: 2

NVD
added 2025/10/14 10:15 a.m. | 5 views

CVE-2011-20002

A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family incl. SIPLUS variants All versions V2.0.2, SIMATIC S7-1200 CPU V2 family incl. SIPLUS variants All versions V2.0.2. Affected controllers are vulnerable to capture-replay in the communication with the engineering software. This...

CVSS 8.3 | EPSS 0.00043
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2000-0766

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00489
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-27551

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.1 | EPSS 0.0035
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-27999

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.6 | EPSS 0.00068
Exploits: 0 | References: 1

CVE
added 2025/09/29 8:36 p.m. | 12 views

CVE-2025-34212

CVE-2025-34212 involves Vasion Print (Virtual Appliance Host and App) with CI/CD weaknesses in VA/SaaS deployments prior to versions 22.0.843 and 20.0.1923. The build process pulls an unverified third‑party image, downloads the VirtualBox Extension Pack over HTTP without signature validation, and...

CVSS 9.8 | AI score 8.1 | EPSS 0.00658
Exploits: 1 | References: 4 | Affected Software: 2

ATTACKERKB
added 2025/09/29 8:36 p.m. | 3 views

CVE-2025-34212

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 VA/SaaS deployments possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain HTTP without signature...

CVSS 9.8 | AI score 6.5 | EPSS 0.00658
Exploits: 1 | References: 5

Vulnrichment
added 2025/09/23 11:33 a.m. | 2 views

CVE-2025-9964 Weak Authentication for Root User

No password for the root user is set in Novakon P series. This allows physical attackers to enter the console easily. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 commit d0f97fd9...

CVSS 8.6 | AI score 6 | EPSS 0.00039
Exploits: 0 | References: 3

Tenable Nessus
added 2025/08/25 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-12105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component,...

CVSS 8.2 | AI score 7.6 | EPSS 0.01534
Exploits: 0 | References: 2