GHSA-7JRR-XW9C-MJ39 Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback

Summary An authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret query parameter, causing the request to be treated as authenticated via the...

EUVD-2026-25336

OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation...

The authfile directive in the booth config file is ignored preventing use of authentication in communications from node to node. As a result nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.

...

booth: authfile directive in booth config file is completely ignored.

A flaw was found in booth in the way it handles the authfile directive in configuration files, which causes authentication to be skipped between nodes. As a result, an attacker-controlled node that does not have the correct authentication key does not prevent communication with other nodes in the...

Microsoft Azure ms-rest-nodeauth 权限许可和访问控制问题漏洞

Microsoft Azure ms-rest-nodeauth is an application from Microsoft USA. It provides different node.js-based authentication mechanisms. Microsoft Azure ms-rest-nodeauth has a privilege permission and access control issue vulnerability that stems from an Azure ms-rest-nodeauth library elevation of...

Unauthenticated Remote Code Execution in Apache JMeter

Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...

CVE-2019-0187

Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...

CVE-2019-0187

Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...

CVE-2019-0187

Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...

CVE-2019-0187

Apache JMeter in distributed mode (-r/-R) is affected by CVE-2019-0187, enabling unauthenticated remote code execution via a RemoteJMeterEngine over RMI using untrusted data deserialization. The issue is limited to tests running in Distributed mode; pre-4.0 versions do not encrypt traffic between...

CVE-2016-8754

Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may obtain the hardcoded keys and log in to such a device through SSH...

Security Using Pre-Existing Routing for Mobile Ad hoc Networks: SUPERMAN

Security Using Pre-Existing Routing for Mobile Ad hoc Networks The flexibility and mobility of Mobile Ad hoc Networks MANETs have made them increasing popular in a wide range of use cases. To protect these networks, security protocols have been developed to protect routing and application data...