EUVD-2026-16005

A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to information disclosure. The attack is restricted to local execution. Attacks of this nature are highl...

PT-2026-28464

Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0 Description EVerest is an EV charging software stack. Before version 2026.02.0, during the processing of RemoteStop, a delayed authorization response resets the authorized variable to true. This bypasses the...

Linux Distros Unpatched Vulnerability : CVE-2026-25645

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files fr...

HCL Aftermarket DPC 安全漏洞

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a security vulnerability that can be exploited by an attacker to obtain system software and version details to carry out software-specific attacks...

Wecodex Shipping System CMS SQL注入漏洞

Wecodex Shipping System CMS is a logistics content management system developed by Wecodex Corporation. Version 1.0 of the Wecodex Shipping System CMS has a SQL injection vulnerability. This vulnerability stems from insufficient validation of the username parameter input, which may lead to SQL...

OpenClaw Security Bypass Vulnerability (CNVD-2026-16055)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to cause bypassing of interactive approval prompts...

PT-2026-28290

Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description HCL Aftermarket DPC is susceptible to a File Discovery issue. An attacker could exploit this to read sensitive files present on the system and potentially use them to plan further...

PT-2026-28400

Name of the Vulnerable Software and Affected Versions Daylight Studio FuelCMS version 1.5.2 Description FuelCMS version 1.5.2 contains a SQL injection issue through the /controllers/Login.php component. The vulnerability is located in the /controllers/Login.php component and allows for potential...

CVE-2026-30162

Cross Site Scripting xss vulnerability in Timo 2.0.3 via crafted links in the title field...

PT-2026-28360

Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0 Description EVerest is an EV charging software stack. Before version 2026.02.0, the ISO15118 chargerImpl::handle session setup function copies a variable-length payment options list into a fixed-size array o...

PT-2026-28493

Name of the Vulnerable Software and Affected Versions TSPortal versions prior to 34 Description TSPortal, the WikiTide Foundation’s in-house platform used by the Trust and Safety team, was found to have a flaw that allowed attackers to create arbitrary user records in the database. This was...

Squid 安全漏洞

Squid is a set of open-source proxy servers and web caching servers developed by Squid. This software provides features such as caching the World Wide Web, filtering traffic, and proxy access. Prior to Squid 7.5, there were security vulnerabilities. These vulnerabilities stemmed from premature...

Langflow Detection

A Langflow Python library is installed on the remote host. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid303796; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2026/03/26"; scriptnameenglish:"Langflow Detection";...

Fireshare 安全漏洞

Fireshare is a media hosting software developed by Shane Israel individually. Version 1.5.1 of Fireshare contains a security vulnerability, which stems from authenticated path traversal in the multipart upload endpoint, potentially allowing arbitrary file writing...

PT-2026-28530

Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.5.2 Description OpenBao, an open source identity-based secrets management system, is susceptible to Reflected Cross-Site Scripting XSS through the error description parameter during failed authentication attempts wh...

Linux Distros Unpatched Vulnerability : CVE-2025-52204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Cross-Site Scripting XSS vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter CVE-2025-52204 Note tha...

CVE-2026-4824

A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulation leads to improper privilege management. The attack must be carried out locally. The attack is...

CVE-2026-4823 Enter Software Iperius Backup NTLM2 information disclosure

A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to information disclosure. The attack is restricted to local execution. Attacks of this nature are highl...

EUVD-2026-16002

A vulnerability was detected in Enter Software Iperius Backup bis 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of the component Backup Service. Performing a manipulation results in creation of temporary file with insecure permissions. The attack is only...

EUVD-2025-209027

IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints...