CVE-2026-45332

Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account with a single POST request. The...

CVE-2026-45332

Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account with a single POST request. The...

CVE-2026-45332 Automad Broken Access Control: unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint

Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account with a single POST request. The...

EUVD-2026-32980

Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account with a single POST request. The...

GHSA-XM76-R88J-VM3G Automad has Broken Access Control: Unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint

Summary A Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account with a single POST request. The /api/user-collection/create-first-user setup endpoint remains publicly accessible once initial configuration is...

CVE-2026-44460

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totpsetup.php is callable from a session that has only passed the password check state pendingloginuser. When the target account already has TOTP configured, the endpoint...

CVE-2026-44460

FileRise (self-hosted web-based file manager) contains a vulnerability in /api/totp_setup.php prior to version 3.12.0. If a session has passed password check (state pending_login_user) and the target account already has TOTP configured, the endpoint decrypts and returns the existing TOTP secret i...

CVE-2026-44460 FileRise: TOTP Bypass via Setup Endpoint Disclosing Existing Secret

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totpsetup.php is callable from a session that has only passed the password check state pendingloginuser. When the target account already has TOTP configured, the endpoint...

CVE-2026-44460 FileRise: TOTP Bypass via Setup Endpoint Disclosing Existing Secret

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totpsetup.php is callable from a session that has only passed the password check state pendingloginuser. When the target account already has TOTP configured, the endpoint...

PT-2026-44053

Name of the Vulnerable Software and Affected Versions FileRise versions prior to 3.12.0 Description FileRise is a self-hosted web-based file manager. The endpoint '/api/totp setup.php' can be accessed by a session that has only completed the password verification state pending login user. If the...

PT-2026-42942

Name of the Vulnerable Software and Affected Versions Edimax BR-6675nD version 1.12 Description A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the formPPTPSetup function located in the '/goform/formPPTPSetup' endpoint when manipulating...

CVE-2026-41902

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/hash endpoint accepts a 60-character random invitehash to set a new user's password. The endpoint performs no expiration check — the hash remains valid indefinitely until...

EUVD-2026-28405

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/hash endpoint accepts a 60-character random invitehash to set a new user's password. The endpoint performs no expiration check — the hash remains valid indefinitely until...

CVE-2026-41902

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/hash endpoint accepts a 60-character random invitehash to set a new user's password. The endpoint performs no expiration check — the hash remains valid indefinitely until...

CVE-2026-41902

CVE-2026-41902 affects FreeScout (Laravel-based help desk). Before v1.8.217, the endpoint /user-setup/{hash} accepts a 60-character invite_hash to set a new user’s password and does not expire the hash, leaving it valid until used. If the invite link leaks (e.g., forwarded emails, logs, or referr...

PT-2026-38547

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.217 Description The '/user-setup/hash' endpoint accepts a 60-character random invite hash to set a new user's password but does not perform an expiration check, allowing the hash to remain valid indefinitely unt...

📄 phpMyFAQ 4.0.16 Improper Authorization

phpMyFAQ versions 4.0.16 and below suffer from an improper authorization vulnerability. Exploit Title: phpMyFAQ = 4.0.16 - Improper Authorization Google Dork: N/A Date: 2026-01-23 Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: https://www.phpmyfaq.de/ Software Link:...

CVE-2019-25708

Heatmiser Wifi Thermostat 1.7 is affected by a cross-site request forgery (CSRF) that lets an attacker change administrator credentials by deceiving an authenticated user into submitting a crafted request to networkSetup.htm with parameters usnm, usps, and cfps. This can modify the admin username...

CVE-2019-25708 Heatmiser Wifi Thermostat 1.7 Cross-Site Request Forgery

Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters...

CVE-2026-2905

A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploi...