12 matches found
EUVD-2026-11154
OpenClaw versions2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold idle pre-authenticated sockets open ...
Linux Distros Unpatched Vulnerability : CVE-2026-24352
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour...
EUVD-2026-8947
An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system...
Trend Micro Apex One OS Command Injection Vulnerability
Trend Micro Apex One Management Console on-premise contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations...
CVE-2025-54948
A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations...
Trend Micro Endpoint Encryption PolicyServer 安全漏洞
Trend Micro Endpoint Encryption PolicyServer is a centralized management server from Trend Micro. A security vulnerability exists in Trend Micro Endpoint Encryption PolicyServer that stems from improper deserialization and could lead to pre-authenticated remote code execution...
CVE-2025-27653
Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Preauthenticated Cross Site Scripting XSS: Badge Registration V-2023-012...
CVE-2025-27653
Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Preauthenticated Cross Site Scripting XSS: Badge Registration V-2023-012...
CVE-2025-27653
Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Preauthenticated Cross Site Scripting XSS: Badge Registration V-2023-012...
CVE-2023-38314
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS a Denial-of-Servic...
DEBIAN-CVE-2023-38314
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS a Denial-of-Servic...
CVE-2023-38314
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS a Denial-of-Servic...