algernon 安全漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.7 contained security vulnerabilities. These vulnerabilities stemmed from the forced activation of debugging mode in single-file mode, allowing the leakage of the file’s absolute path and complete byte...

EUVD-2026-31325

Open ISES Tickets before 3.44.2 embeds a hardcoded WhitePages reverse-phone API key in wp1.php that is committed to the public source repository. Any actor with read access to the source tree can extract the key and use it to make third-party API calls billed to or rate-limited against the origin...

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along wi...

EUVD-2026-30346

CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it...

Schneider Electric Ecostruxure Machine Expert HVAC 安全漏洞

Schneider Electric Ecostruxure Machine Expert HVAC is a software platform developed by Schneider Electric, a French company, dedicated to the control and automation of heating, ventilation, and air conditioning equipment. Schneider Electric Ecostruxure Machine Expert HVAC has a security...

Exposed Dangerous Method or Function

Overview org.webjars.npm:webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in Server.js, when handling non-HTTPS responses. ...

CVE-2026-41931

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal err...

Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads

A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks...

CVE-2025-55263

HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source code or if it is stored in insecure repositories, they can easily retrieve these hardcoded secrets...

CVE-2025-55263

HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source code or if it is stored in insecure repositories, they can easily retrieve these hardcoded secrets...

Security Bulletin: Source Code Exposure Vulnerability in webpack-dev-server (Fixed in Version 5.2.1) affects watsonx.data

Summary webpack-dev-server versions prior to 5.2.1 are vulnerable to source code exposure when users visit a malicious website. Due to classic script requests not being restricted by the same-origin policy, an attacker who knows the dev server port and entry script path can inject a script, acces...

CVE-2026-2250

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests...

CVE-2026-22275

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure...

CVE-2025-67004

Disputed An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly. NOTE: A community member states that this is n...

CVE-1999-0725

When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page"...

CVE-1999-0286

In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages...

Next.js Framework React Server Components Source Code Exposure (CVE-2025-55183)

The Next.js Framework on the remote host is affected by a source code exposure vulnerability: - An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages:...

FreeBSD : github-release-monitor -- multiple vulnerabilities (7a1bd1ca-cf40-41e2-9c5f-143a0d4b17af)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7a1bd1ca-cf40-41e2-9c5f-143a0d4b17af advisory. https://nextjs.org/blog/security-update-2025-12-11 reports: A specifically crafted HTTP reques...

EUVD-2025-203104

Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components...

Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.3. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-925w-6v3x-g4j4 Patches Upgrade immediately to @vitejs/[email protected] or...