28055 matches found
CVE-2026-25231
FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or...
CVE-2025-10464 Cleartext password storage in Birtech Information Technologies' Sensaway
Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data. This issue affects Senseway: through 09022026. NOTE: Because the product was developed using outdated technology, the...
CVE-2025-10464
The CVE-2025-10464 entry concerns Birtech Information Technologies’ Senseway application, describing an Insecure Storage of Sensitive Information vulnerability that enables retrieval of embedded sensitive data (explicitly noted as cleartext password storage in the CVE listing). Affected release a...
CVE-2025-10464 Cleartext password storage in Birtech Information Technologies' Sensaway
Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data. This issue affects Senseway: through 09022026. NOTE: Because the product was developed using outdated technology, the...
CVE-2025-10464
Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data. This issue affects Senseway: through 09022026. NOTE: Because the product was developed using outdated technology, the...
CVE-2025-7708
Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation. This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
CVE-2025-7708
Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation. This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
CVE-2025-7708
CVE-2025-7708 describes Insertion of Sensitive Information Into Sent Data in Atlas Educational Software Industry Ltd. Co. K12net, affecting the k12net component up to version 09022026. The underlying issue is that sensitive information can be inserted into data that is sent, enabling potential co...
CVE-2025-7708 Sensitive Data Exposure in Atlas Software's k12net
Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation. This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
Synology DSM 安全漏洞
Synology DSM is an NAS management operating system developed by the Chinese company Synology. There is a security vulnerability in Synology DSM, where attackers can bypass access restrictions through the Storage Manager to read sensitive information...
PT-2026-7134
FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or...
Birtech Senseway 安全漏洞
Birtech Senseway is an environmental data monitoring platform developed by the Turkish company Birtech. Versions of Birtech Senseway from 09022026 onward contain security vulnerabilities. These vulnerabilities stem from insecure storage of sensitive information, which may lead to the retrieval of...
PlaciPy 日志信息泄露漏洞
PlaciPy is an open-source employment management system developed by Praskla Technology. It aims to simplify the employment processes for students, trainers, and administrators in educational institutions. Version 1.0.0 of PlaciPy contains a vulnerability related to log information leakage. This...
PT-2026-7159
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction...
CVE-2026-25729
DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...
CVE-2026-25729
DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...
CVE-2026-25729
DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...
CVE-2026-25729 DeepAudit Affected by User Enumeration via Broken Access Control
DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...
CVE-2026-25729 DeepAudit Affected by User Enumeration via Broken Access Control
DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...
CVE-2026-25729
DeepAudit is affected by an improper access control vulnerability in the /api/v1/users/ endpoint present in version 3.0.4 and earlier. An authenticated user can enumerate all users and retrieve sensitive fields (emails, phone numbers, full names, roles). The issue is documented across multiple so...