CVE-2026-8598
CVE-2026-8598 affects ZKTeco CCTV cameras with an undocumented configuration export port that is reachable without authentication. This exposes sensitive data including open services and camera administrator credentials. Reported impact is high (CVSS 3.1/4.0: CRITICAL). Public sources indicate un...
CVE-2026-8598 Unauthenticated Export Service in ZKTeco CCTV Cameras
An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials...
CVE-2026-8598
An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials...
ZKTeco CCTV Cameras Security Vulnerability
ZKTeco CCTV Cameras are a series of network video surveillance cameras designed for security monitoring scenarios by ZKTeco Technology Co., Ltd. ZKTeco CCTV cameras have security vulnerabilities; these vulnerabilities stem from an undocumented configuration export port that can be accessed without...
EUVD-2023-60564
Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in...
CVE-2023-54344 Eclipse Equinox OSGi 3.7.2 Remote Code Execution via Console
Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in...
CVE-2023-54342 Eclipse Equinox OSGi 3.8-3.18 Console Remote Code Execution
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console,...
EUVD-2023-59421
Malicious code in bioql PyPI...
CVE-2023-7240
An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server-Side Request Forgery and allows enumeration of open services. The server queries the server given in the Server IP/DNS field and triggers a connection to an arbitrary address...
CVE-2023-7240
CVE-2023-7240 affects NetIQ Identity Console. The vulnerability arises from an improper authorization level in the login panel, which may allow unauthenticated Server Side Request Forgery (SSRF) and enable open services enumeration. The server may query a provided target (Server IP/DNS field) and...
CVE-2023-7240 Broken Access Control leading to SSRF in NetIQ Identity Console
An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server-Side Request Forgery and allows enumeration of open services. The server queries the server given in the Server IP/DNS field and triggers a connection to an arbitrary address...
CVE-2020-13650
An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to ...
CVE-2018-0377
A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability b...
IP ID could allow to scan a masquerade network.
Hello, I was working on a new implementation of the IPID scan, also known as idle scan in the nmap man page, or pixie-scan as I call it. During my test I think I discovered a new way to use this type of scan: Synopsis ------------- Using the gateway of a masquerade network as a witness relay host f...