CVE-2026-32596 Glances exposes the REST API without authentication

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys,...

Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control And Lockout

Summary The Honeywell IQ4 Trend IQ4 is a line of intelligent building-management controllers designed to provide advanced unitary control, HVAC integration, and scalable I/O expansion for commercial environments. These controllers use Ethernet and TCP/IP networking with embedded XML, support BACn...

RISS SRL MOMA Seismic Station 访问控制错误漏洞

RISS SRL MOMA Seismic Station is a specialized industrial control device for earthquake monitoring developed by the Italian company RISS SRL. Versions of RISS SRL MOMA Seismic Station prior to v2.4.2520 contained an access control vulnerability. This vulnerability stemmed from the lack of...

BEC Routers 授权问题漏洞

BEC Routers is a series of routers from BEC USA. An authorization issue vulnerability exists in BEC Routers that stems from a lack of authentication in the web-based user interface, which could allow a remote attacker to bypass authentication...

LOYTEC LINX-212 Access Control Error Vulnerability

The LOYTEC LINX-212 is a building controller from LOYTEC. An access control error vulnerability exists in the LOYTEC LINX-212 6.2.4 firmware version, which stems from a lack of authentication on the Web user interface, and can be exploited by an attacker to edit or delete current Web items, chang...

CVE-2019-7642

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW A1-1.04, DIR-816L B1-2.06, DIR-81...