CVE-2026-39571

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a through = 3.3.30...

Malicious code in bonsaitree1 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0c35db41a5cf0a0671b33adf698777ebb63055a4f5ab3076bf3ed563a875cbb6 Dependency confusion attempt. The user identifies themselves as a HackerOne user abusing the PyPI for the purpose of a bug bounty program. This package did not...

Malicious code in @langgraphjs/toolkit (npm)

Package collects and sends sensitive system info to a hardcoded server. The package masquerades as a LangGraph JS utility but contains a malicious postinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

DEBIAN-CVE-2026-33533

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an...

CVE-2026-33533 Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition between data release and access to the file system data. This vulnerability may...

CVE-2026-4020

The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permissioncallback that unconditionally returns true, allowing any...

Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard

Summary The Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an attacker-controlled webpage can issue a CORS "simple request" POST with Content-Typ...

GHSA-7P93-6934-F4Q7 Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard

Summary The Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an attacker-controlled webpage can issue a CORS "simple request" POST with Content-Typ...

PT-2026-29154

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.3 Description Glances is a system cross-platform monitoring tool. The XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC...

PT-2026-28802

An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information...

CVE-2021-4474

Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive...

CVE-2021-4474

CVE-2021-4474 concerns Ruckus Access Point devices where the CLI contains an arbitrary file read vulnerability. The issue allows authenticated remote attackers with administrative privileges to read arbitrary files from the device’s underlying filesystem, exposing sensitive information such as co...

CVE-2021-4474 Ruckus AP CLI Arbitrary File Read Allows Authenticated Remote File Access

Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive...

CVE-2021-4474 Ruckus AP CLI Arbitrary File Read Allows Authenticated Remote File Access

Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive...

CVE-2021-4474

Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive...

Malicious code in libavcodec-extra (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 00a68b4208fb4614b815e8a867c2155a8667b424e6457e3b72da362edbad9615 During installation or import, the package exfiltrates basic information in a dependency confusion attempt. The user identifies themselves as a HackerOne user...

Glances exposes the REST API without authentication

Summary Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys, tokens to any network client. Details Root Cause: Authentication is...

Malicious code in vitest-config (npm)

Malicious package due to preinstall script execution, system info gathering, Discord webhook usage for data exfiltration, and error suppression. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d6cfc9315582e56556f40906f86a19927ad32b3826548896d1eaf23e0705243 The...

Malicious code in tourney-sdk-react (npm)

The package exfiltrates system data to remote server --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c5364bf5b440c1fcec66cbe29b7243db3661868744f68aebeb5f8b99619d950 The package tourney-sdk-react was found to contain malicious code. Source: ghsa-malware...