54 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-41176
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without...
CVE-2026-40937 RustFS missing admin authorization on notification target endpoints, which allows unauthenticated configuration of event webhooks
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in rustfs/src/admin/handlers/event.rs use a checkpermissions helper that validates authentication only (access key + session token), without performing any...
Philips Hue Bridge Access Control Error Vulnerability
The Philips Hue Bridge is an intelligent lighting gateway device developed by the Japanese company Philips Hue. The Philips Hue Bridge has a security vulnerability related to access control. This vulnerability stems from the lack of authentication in the configuration of the HomeKit Accessory...
CVE-2026-28400
Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...
CVE-2021-47802
Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without...
CVE-2021-47802 Tenda D151 & D301 - Configuration Download
Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without...
EUVD-2023-60182
MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to...
CVE-2020-36871
Summary: CVE-2020-36871 affects ESCAM QD-900 WIFI HD cameras. An unauthenticated GET/download on /web/cgi-bin/hi3510/backup.cgi allows remote retrieval of a compressed configuration backup, which can contain administrative credentials and other sensitive device settings. This information disclosu...
CVE-2019-25226 Dongyoung Media DM-AP240T/W Unauthenticated Configuration Disclosure
Dongyoung Media DM-AP240T/W wireless access points contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/syssystemconfig management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication or authorization. T...
CVE-2020-36873 Astak CM-818T3 Unauthenticated Configuration Disclosure
Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorizatio...
CVE-2025-64385
CVE-2025-64385 affects Circutor TCPRS1plus. The issue arises when configuring the device via UDP through the manufacturer’s software, where any aspect of the initial configuration can be changed by the device’s MAC address without authentication. The vulnerability is observed in the UDP configura...
EUVD-2025-1811
Malicious code in bioql PyPI...
EUVD-2023-59128
Malicious code in bioql PyPI...
CVE-2025-0675
Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure...
CVE-2025-0675 Elber Communications Equipment Hidden Functionality
Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure...
ABB Cylon Aspect 3.08.02 Unauthenticated Configuration Disclosure
Summary: ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description: The ABB Cylon Aspect BMS/BAS system suffers from an unauthenticated...
CIRCUTOR TCP2RS+ Security Vulnerability
CIRCUTOR TCP2RS+ is an Ethernet converter from CIRCUTOR. A security vulnerability exists in CIRCUTOR TCP2RS+ version 1.3b that allows an attacker to modify any configuration value without authentication, resulting in invalidating the device's configuration a...
Origin Validation Error
flowise is vulnerable to a CORS misconfiguration. The vulnerability is due to the Access-Control-Allow-Origin header being set to allow all origins, permitting arbitrary origins to connect to the website. In the default unauthenticated configuration, attackers can exploit this to make requests to...
Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference Vulnerability
Elber Wayber Analog/Digital Audio STL version 4.00 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability. Elber Wayber Analog/Digital Audio STL 4.00 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected...
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Insecure Direct Object Reference Vulnerability
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability. Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it...