4 matches found
CVE-2026-49980
Summary of risks and remediation for CVE-2026-49980 : Rclone 1.46.0 through 1.74.3 is vulnerable to unauthenticated command execution via rcd --rc-serve. An unauthenticated GET/HEAD request to paths like /[remote:path]/object can cause the remote value to be parsed and used during backend initial...
Kirby: External Initialization of the Panel on reverse proxy setups with the `Forwarded` header
TL;DR This vulnerability affects Kirby sites that have no configured user accounts and are running on publicly accessible servers behind a reverse proxy that sets the Forwarded: for=..., X-Client-IP, or X-Real-IP request header. It was possible to install the Panel = create the first admin user i...
PT-2026-50724
Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description An external initialization issue exists in the Kirby Panel and REST API. This occurs when a site has no configured user accounts and is hosted on a publicly accessible...
The vulnerability of the microprogramming software in real-time video viewing devices from Fujitsu’s IP series lies in the use of strictly encrypted login credentials. This allows a perpetrator to initialize or restart the device, as well as stop the transmission of videos.
The vulnerability of microprogrammed software in real-time video viewing devices from Fujitsu’s IP series is related to the use of strictly encrypted login credentials. Exploiting this vulnerability allows a remote attacker to initialize or restart the device, as well as stop the video transmissi...