490 matches found
CVE-2026-62657
A security flaw in the router's certificate validation process was discovered in the NETGEAR XR1000 Gaming Router and certain Nighthawk models that could allow an unauthorized person to remotely access and take control of the device...
EulerOS 2.0 SP10 : cups (EulerOS-SA-2026-2683)
According to the versions of the cups packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a...
CVE-2026-15472
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-15318
A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...
EUVD-2026-42240
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Incorrect Authorization vulnerability. A low privileged attacker with...
CVE-2026-14794
A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...
CVE-2026-13484
A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacted element is an unknown function of the component Experiment-scoped Label Schema CRUD API. Such manipulation leads to missing authorization. It is possible to launch the attack remotely. A high...
EUVD-2026-38158
A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...
CVE-2026-54413
driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle0x27SecurityAccess function in iso14229.c that allows a remote unauthenticated attacker to crash a UDS server and potentially read memory past the receive buffer by sending a single-byt...
PT-2026-48789
Name of the Vulnerable Software and Affected Versions Idira Identity Browser Extension Chrome, Firefox, and Edge builds versions prior to 26.8.1 Description An origin validation flaw exists within the internal web-page verification routines. This issue allows a remote attacker to trigger...
CVE-2026-7142
A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function addorupdatescript of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has...
ROS-20260605-73-0076
The vulnerability in Firefox is related to the lack of protection for service data. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
CVE-2026-10218 nextlevelbuilder GoClaw evolution_handlers.go auth improper authorization
A vulnerability has been found in nextlevelbuilder GoClaw up to 3.11.3. This affects the function auth of the file internal/http/evolutionhandlers.go. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be...
PT-2026-44809
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device...
CVE-2026-9603
CVE-2026-9603 affects SourceCodester eDoc Doctor Appointment System 1.0. The vulnerability is due to manipulation of the ID parameter in /admin/delete-session.php, leading to missing authorization and enabling remote exploitation. Public PoC/exploit details are referenced. Vulnerability details r...
ROS-20260526-73-0017
Vulnerability in poetry related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...
JPress 授权问题漏洞
JPress is a blog platform developed using the Java language by the JPress team. Versions of JPress 1.0.3 and earlier contained an authorization vulnerability. This vulnerability stemmed from improper handling of the parameter id/userId in the UCenter Article Submission Endpoint component, which...
ROS-20260505-73-0081
A vulnerability in the getnetbyaddr and getnetbyaddrr functions of the GNU C Library is related to the use of an uninitialized resource. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...
PT-2026-34780
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description An agentic consent bypass allows LLM agents to silently disable execution approval. Remote attackers can exploit this by using the config.patch parameter to bypass security controls and execute...
ROS-20260420-73-0025
Vulnerability in python-aiohttp related to lack of service data protection. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...