
28030 matches found

CNNVD
added 2026/05/06 12:0 a.m. | 7 views

Cisco ISE Security Vulnerability

Cisco ISE is a NAC solution developed by the American company Cisco. It is used to manage access to network resources for endpoints, users, and devices in a zero-trust architecture. Cisco ISE has a security vulnerability that stems from improper role-based access control permissions on the RADIUS...

4.3 CVSS | 5.8 AI score | 0.00232 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2026/05/06 12:0 a.m. | 6 views

CVE-2026-34474

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

5.8 AI score | 0.24681 EPSS
Exploits 3 | References 3

Positive Technologies
added 2026/05/06 12:0 a.m. | 10 views

PT-2026-38218

Name of the Vulnerable Software and Affected Versions: ZTE ZXHN H298A version 1.1; ZTE H108N version 2.6. Description: A crafted request to the router web interface can cause sensitive data exposure. This issue may leak device and account information, including the administrator password and WLAN...

7.5 CVSS | 5.8 AI score | 0.24681 EPSS
Exploits 3 | References 8

CNNVD
added 2026/05/06 12:0 a.m. | 7 views

HCL BigFix Service Management Log Information Disclosure Vulnerability

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a vulnerability related to log information leakage. This vulnerability stems from ineffective access control, which may lead to unauthoriz...

8.3 CVSS | 5.8 AI score | 0.00248 EPSS
Exploits 0 | References 1

Cvelist
added 2026/05/06 12:0 a.m. | 30 views

CVE-2026-34474

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

0.24681 EPSS
Exploits 3 | References 2

Snyk
added 2026/05/05 8:2 p.m. | 7 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview: Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer due to improper handling of namespace deletion retries. An attacker can cause residual data, such as outstanding leases and unrelated storage entries, to remain after ...

7.5 CVSS | 5.8 AI score | 0.00248 EPSS
Exploits 0 | References 2

Ubuntu
added 2026/05/05 6:27 p.m. | 9 views

USN-8234-1: Mako vulnerability

It was discovered that Mako incorrectly handled URIs with double-slash prefixes in TemplateLookup. A remote attacker could possibly use this issue to obtain sensitive information...

8.7 CVSS | 5.8 AI score | 0.00361 EPSS
Exploits 0

Snyk
added 2026/05/05 5:30 p.m. | 5 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter during a file upload operation. An attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process by supplyi...

10 CVSS | 6.5 AI score | 0.03678 EPSS
Exploits 1 | References 2

Vulnrichment
added 2026/05/05 6:21 a.m. | 2 views

CVE-2026-6418 PaperCut NG/MF: Path Traversal in Shared Account Synchronization

An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...

4.6 CVSS | 5.9 AI score | 0.00376 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/05/05 12:0 a.m. | 8 views

PT-2026-38083

Name of the Vulnerable Software and Affected Versions: Mako versions prior to 1.1.0+ds1-1ubuntu2.1+esm1. Description: Mako incorrectly handles URIs with double-slash prefixes in TemplateLookup. A remote attacker could potentially exploit this behavior to obtain sensitive information. Recommendations...

8.7 CVSS | 5.8 AI score | 0.00361 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2026/05/05 12:0 a.m. | 8 views

RHCOS 4 : OpenShift Container Platform 4.13.z (RHSA-2024:7941)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:7941 advisory. - containers/image: digest type does not guarantee valid type CVE-2024-3727 - webob: WebOb's location header normalization during...

8.3 CVSS | 6.7 AI score | 0.01279 EPSS
Exploits 1 | References 7

WPVulnDB
added 2026/05/05 12:0 a.m. | 5 views

12 Step Meeting List < 3.19.10 - Unauthenticated Information Exposure

Description: The 12 Step Meeting List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.19.9. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...

5.3 CVSS | 5.8 AI score | 0.0024 EPSS
Exploits 0 | References 1

Snyk
added 2026/05/04 7:50 p.m. | 7 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization in the authorization process. An attacker can gain unauthorized access to sensitive site, user, and role information by sending authenticated requests as a Panel user. This is only exploitable if the site is...

7.1 CVSS | 5.8 AI score | 0.00231 EPSS
Exploits 0 | References 2

CVE
added 2026/05/04 5:39 p.m. | 9 views

CVE-2026-32834

Summary: CVE-2026-32834 affects the WordPress plugin Easy PayPal Events & Tickets (version 1.3 and earlier). The vulnerability is a hardcoded authentication bypass in the QR code scanning functionality, allowing unauthenticated remote attackers to bypass hash verification by sending the hash para...

8.7 CVSS | 5.9 AI score | 0.00448 EPSS
Exploits 0 | References 3

ATTACKERKB
added 2026/05/04 5:30 p.m. | 2 views

CVE-2026-42092

titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscribe via DDP and receive sensitive configuration fields such as googlesecret, openaiapikey, and...

6.5 CVSS | 5.8 AI score | 0.00219 EPSS
Exploits 0 | References 2

Snyk
added 2026/05/04 3:31 p.m. | 8 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection in the XML parsing process. An attacker can access sensitive files or execute arbitrary code by supplying crafted XML data containing external entity references. Details: XXE Injection is a type of attac...

5.3 CVSS | 6.2 AI score | 0.00232 EPSS
Exploits 0 | References 2

NVD
added 2026/05/04 3:16 p.m. | 5 views

CVE-2026-6500

Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5...

4.8 CVSS | 0.00096 EPSS
Exploits 0 | References 1

Cvelist
added 2026/05/04 2:16 p.m. | 34 views

CVE-2026-6500

Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5...

4.8 CVSS | 0.00096 EPSS
Exploits 0 | References 1

CVE
added 2026/05/04 2:16 p.m. | 9 views

CVE-2026-6500

CVE-2026-6500 concerns a plaintext password storage vulnerability in OpenConcerto 1.7.5 by ILM Informatique. The issue allows retrieval of embedded sensitive data due to unencrypted passwords stored in plaintext. The available connected records confirm affected product/version and the root cause ...

4.8 CVSS | 5.8 AI score | 0.00096 EPSS
Exploits 0 | References 1

EUVD
added 2026/05/04 2:16 p.m. | 6 views

EUVD-2026-26971

Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5...

4.8 CVSS | 5.8 AI score | 0.00096 EPSS
Exploits 0 | References 1