
480 matches found

EUVD
added 4 days ago | 6 views

EUVD-2026-38158

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

CVSS 8.1 | AI score 6 | EPSS 0.00315
Exploits: 1 | References: 5

NVD
added 2026/06/14 6:17 p.m. | 9 views

CVE-2026-54413

driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle0x27SecurityAccess function in iso14229.c that allows a remote unauthenticated attacker to crash a UDS server and potentially read memory past the receive buffer by sending a single-byt...

CVSS 8.8 | EPSS 0.00459
Exploits: 0 | References: 4

Positive Technologies
added 2026/06/11 12:0 a.m. | 13 views

PT-2026-48789

Name of the Vulnerable Software and Affected Versions: Idira Identity Browser Extension Chrome, Firefox, and Edge builds versions prior to 26.8.1. Description: An origin validation flaw exists within the internal web-page verification routines. This issue allows a remote attacker to trigger...

CVSS 8.4 | AI score 5.6 | EPSS 0.00161
Exploits: 0 | References: 3

RedhatCVE
added 2026/06/05 7:50 p.m. | 7 views

CVE-2026-7142

A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function addorupdatescript of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has...

CVSS 6.5 | AI score 6 | EPSS 0.00214
Exploits: 0 | References: 1

Redos
added 2026/06/05 12:0 a.m. | 5 views

ROS-20260605-73-0076

The vulnerability in Firefox is related to the lack of protection for service data. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...

CVSS 7.5 | AI score 7.2 | EPSS 0.00385
Exploits: 0

Vulnrichment
added 2026/06/01 3:0 a.m. | 10 views

CVE-2026-10218 nextlevelbuilder GoClaw evolution_handlers.go auth improper authorization

A vulnerability has been found in nextlevelbuilder GoClaw up to 3.11.3. This affects the function auth of the file internal/http/evolution_handlers.go. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be...

CVSS 5.5 | AI score 5.6 | EPSS 0.0023
Exploits: 0 | References: 6

Positive Technologies
added 2026/05/29 12:0 a.m. | 10 views

PT-2026-44809

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device...

CVSS 8.7 | AI score 6 | EPSS 0.00434
Exploits: 0 | References: 2

CVE
added 2026/05/26 10:0 p.m. | 13 views

CVE-2026-9603

CVE-2026-9603 affects SourceCodester eDoc Doctor Appointment System 1.0. The vulnerability is due to manipulation of the ID parameter in /admin/delete-session.php, leading to missing authorization and enabling remote exploitation. Public PoC/exploit details are referenced. Vulnerability details r...

CVSS 6.9 | AI score 6.3 | EPSS 0.00325
Exploits: 0 | References: 6

Redos
added 2026/05/26 12:0 a.m. | 8 views

ROS-20260526-73-0017

Vulnerability in poetry related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...

CVSS 2.3 | AI score 5.8 | EPSS 0.00332
Exploits: 0

CNNVD
added 2026/05/24 12:0 a.m. | 8 views

JPress Authorization Issue Vulnerability

JPress is a blog platform developed using the Java language by the JPress team. Versions of JPress 1.0.3 and earlier contained an authorization vulnerability. This vulnerability stemmed from improper handling of the parameter id/userId in the UCenter Article Submission Endpoint component, which...

CVSS 6.5 | AI score 6.7 | EPSS 0.00252
Exploits: 0 | References: 4

Redos
added 2026/05/05 12:0 a.m. | 6 views

ROS-20260505-73-0081

A vulnerability in the getnetbyaddr and getnetbyaddr_r functions of the GNU C Library is related to the use of an uninitialized resource. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...

CVSS 7.5 | AI score 7.2 | EPSS 0.00564
Exploits: 0

Positive Technologies
added 2026/04/23 12:0 a.m. | 9 views

PT-2026-34780

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.28. Description: An agentic consent bypass allows LLM agents to silently disable execution approval. Remote attackers can exploit this by using the config.patch parameter to bypass security controls and execute...

CVSS 8.8 | AI score 5.6 | EPSS 0.00473
Exploits: 0 | References: 7

Redos
added 2026/04/20 12:0 a.m. | 3 views

ROS-20260420-73-0025

Vulnerability in python-aiohttp related to lack of service data protection. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

CVSS 6.3 | AI score 6.4 | EPSS 0.00313
Exploits: 0

Redos
added 2026/04/17 12:0 a.m. | 5 views

ROS-20260417-73-0028

Vulnerability in rubygem-rack related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

CVSS 7.5 | AI score 6.7 | EPSS 0.00552
Exploits: 1

NVD
added 2026/04/05 3:16 p.m. | 3 views

CVE-2026-5574

A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The exploit has been...

CVSS 9.1 | EPSS 0.00544
Exploits: 1 | References: 4

CVE
added 2026/04/05 2:45 p.m. | 11 views

CVE-2026-5574

The CVE-2026-5574 entry concerns Technostrobe HI-LED-WR120-G2 (firmware 5.5.0.1R6.03.30). Affected component: FsBrowseClean, function deletefile. Description indicates that manipulating the dir/path argument can bypass authorization, enabling potential remote attack. Public disclosure of exploits...

CVSS 9.1 | AI score 6.2 | EPSS 0.00544
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/04/05 2:45 p.m. | 0 views

CVE-2026-5574 Technostrobe HI-LED-WR120-G2 FsBrowseClean deletefile authorization

A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The exploit has been...

CVSS 6.9 | AI score 6.2 | EPSS 0.00544
Exploits: 1 | References: 4

Redos
added 2026/04/01 12:0 a.m. | 2 views

ROS-20260401-73-0049

Vulnerability in zabbix7-lts related to a flaw in the authorization mechanism. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...

CVSS 8.1 | AI score 5.9 | EPSS 0.00255
Exploits: 0

RedhatCVE
added 2026/03/26 3:6 p.m. | 2 views

CVE-2026-22900

A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later...

CVSS 9.8 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/25 8:10 p.m. | 2 views

CVE-2026-1561

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3. IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow a remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating...

CVSS 5.4 | AI score 5.8 | EPSS 0.00284
Exploits: 0 | References: 2 | Affected Software: 1