23 matches found

CVE
added 3 days ago · 15 views

CVE-2026-21404

NAVTOR NavBox (versions up to 4.16.1.20) contains hard-coded credentials in its Windows Communication Foundation (SOAP) implementation. When SOAP is enabled, a local attacker can extract credentials and bypass the intended transfer workflow. Successful authentication to the SOAP interface grants ...

CVSS 6.3 · AI score 5.8 · EPSS 0.00017
Exploits: 0 · References: 2

AlpineLinux
added 2026/05/21 7:34 a.m. · 12 views

CVE-2026-44052

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

CVSS 7.5 · AI score 5.8 · EPSS 0.00041
Exploits: 0

EUVD
added 2026/05/21 7:34 a.m. · 6 views

EUVD-2026-31227

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

CVSS 7.5 · AI score 5.8 · EPSS 0.00041
Exploits: 0 · References: 1

Cvelist
added 2026/04/24 12:4 a.m. · 22 views

CVE-2026-35064 SenseLive X3050 Missing authentication for critical function

A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are...

CVSS 8.7 · EPSS 0.00081
Exploits: 0 · References: 3

Positive Technologies
added 2026/04/21 12:0 a.m. · 2 views

PT-2026-34121

Name of the Vulnerable Software and Affected Versions: Oracle HCM Common Architecture versions 12.2.3 through 12.2.15 Description: An issue in the Knowledge Integration component of Oracle E-Business Suite allows an unauthenticated attacker with network access via HTTP to compromise Oracle HCM Comm...

CVSS 7.5 · AI score 7.3 · EPSS 0.00053
Exploits: 0 · References: 4

Positive Technologies
added 2026/04/14 12:0 a.m. · 1 views

PT-2026-32558

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

CVSS 6.5 · AI score 5.8 · EPSS 0.00034
Exploits: 0 · References: 3

AlpineLinux
added 2026/01/08 10:7 a.m. · 2 views

CVE-2025-14524

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

CVSS 5.3 · AI score 6.6 · EPSS 0.00027
Exploits: 1 · References: 4

CVE
added 2025/12/16 6:16 a.m. · 5 views

CVE-2025-62330

CVE-2025-62330 affects HCL DevOps Deploy. The vulnerability arises from cleartext transmission due to the HTTP port remaining accessible and not redirecting to HTTPS, enabling an attacker with network access to intercept or modify user credentials and session data via passive monitoring or MITM-s...

CVSS 5.9 · AI score 6.2 · EPSS 0.00016
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2025/11/13 5:15 p.m. · 4 views

CVE-2025-11538

A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug) insecurely defaults to binding the Java Debug Wire Protocol (JDWP) port to all network interfaces (0.0.0.0). This exposes the debug port to the local network, allowing an attacker on the same network segment to...

CVSS 6.8 · EPSS 0.00012
Exploits: 0 · References: 6

OSV
added 2025/02/15 12:15 a.m. · 2 views

CVE-2024-5462

If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords ...

CVSS 7.5 · AI score 5.8 · EPSS 0.0009
Exploits: 0 · References: 1

OSV
added 2024/04/16 10:15 p.m. · 4 views

CVE-2024-21083

Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Script Engine. Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle BI Publisher...

CVSS 7.2 · AI score 7.1 · EPSS 0.0041
Exploits: 0 · References: 1

ATTACKERKB
added 2024/02/17 4:15 a.m. · 3 views

CVE-2023-31728

Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface...

CVSS 7 · AI score 5.8 · EPSS 0.00023
Exploits: 0 · References: 3

Positive Technologies
added 2023/10/17 12:0 a.m. · 3 views

PT-2023-6209 · Oracle · Oracle Weblogic Server

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 Description: The issue is related to insufficient input validation in the Core component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access via T3, IIO...

CVSS 10 · AI score 8.8 · EPSS 0.00465
Exploits: 0 · References: 7

Positive Technologies
added 2023/08/21 12:0 a.m. · 2 views

PT-2023-4544 · Tp Link · Tapo L530 +5

Name of the Vulnerable Software and Affected Versions: TPLink Smart Bulb Tapo series L530 versions 1.0.0 through 1.1.9; TPLink Smart Bulb Tapo series L510E version 1.0.8; TPLink Smart Bulb Tapo series L630 version 1.0.3; TPLink Smart Bulb Tapo series P100 version 1.4.9; TPLink Smart Camera Tapo serie...

CVSS 6.5 · AI score 7.3 · EPSS 0.00098
Exploits: 0 · References: 13

Positive Technologies
added 2023/04/18 12:0 a.m. · 3 views

PT-2023-2481 · Oracle · Oracle Weblogic Server

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 12.2.1.3.0 through 12.2.1.4.0 Oracle WebLogic Server version 14.1.1.0.0 Description: The issue allows an unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful...

CVSS 7.8 · AI score 9 · EPSS 0.00643
Exploits: 0 · References: 7

CNNVD
added 2022/12/21 12:0 a.m. · 2 views

curl security vulnerability

Curl is a tool used to transfer data from or to a server. There is a security vulnerability in curl that stems from an HSTS check being bypassed to trick it into continuing to use HTTP. An attacker exploiting this vulnerability could access the data on curl to read sensitive information...

CVSS 7.5 · AI score 7.2 · EPSS 0.00045
Exploits: 1 · References: 18

OSV
added 2022/07/26 10:15 p.m. · 1 views

CVE-2022-31205

In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication...

CVSS 7.5 · AI score 5.8 · EPSS 0.00162
Exploits: 0 · References: 2

ATTACKERKB
added 2022/07/19 10:15 p.m. · 2 views

CVE-2022-21543

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Updates Environment Mgmt. Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

CVSS 9.8 · AI score 7.3 · EPSS 0.04048
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2022/05/25 10:41 a.m. · 0 views

USN-4781-1 slurm-llnl vulnerabilities

It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. An attacker could possibly use this issue to assume control of an arbitrary file on the system. This issue only affected Ubuntu 16.04 ESM. (CVE-2016-10030) It was discovered that Slurm mishandled SPAN...

CVSS 9.8 · AI score 7 · EPSS 0.02472
Exploits: 0 · References: 10

OSV
added 2021/09/02 5:15 p.m. · 0 views

CVE-2021-22793

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in AccuSine PCS+ / PFV+ Versions prior to V1.6.7 and AccuSine PCSn Versions prior to V2.2.4 that could allow an authenticated attacker to access the device via FTP protocol...

CVSS 7.2 · AI score 7.1
Exploits: 0 · References: 2