
152 matches found

Cvelist
added 2026/06/02 6:30 p.m., 26 views

CVE-2026-10616 nextlevelbuilder GoClaw Team Task Completion team_tasks_lifecycle.go TeamTasksTool.executeComplete authorization

A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/team_tasks_lifecycle.go of the component Team Task Completion Handler. Executing a manipulation can lead to missing authorization. Th...

CVSS 5.3, EPSS 0.00206
Exploits 0, References 6
EUVD
added 2026/05/27 8:40 a.m., 10 views

EUVD-2025-209961

A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files...

CVSS 8.6, AI score 6, EPSS 0.00368
Exploits 0, References 1
Vulnrichment
added 2026/05/27 8:40 a.m., 8 views

CVE-2025-30028

A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files...

CVSS 8.6, AI score 6, EPSS 0.00368
Exploits 0, References 1
CVE
added 2026/05/27 8:40 a.m., 15 views

CVE-2025-30028

Technical details about CVE-2025-30028 are not publicly available in the provided documents. Monitor for updates from Synology and NVD for affected products, versions, and remediation.

CVSS 8.6, AI score 6, EPSS 0.00368
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2026/05/20 12:0 a.m., 7 views

PT-2026-42371

NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access in github.com/orneryd/nornicdb...

CVSS 9.8, AI score 5.8, EPSS 0.0044
Exploits 0, References 6
ATTACKERKB
added 2026/05/12 2:21 a.m., 5 views

CVE-2026-40134

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...

CVSS 4.3, AI score 5.8, EPSS 0.00198
Exploits 0, References 3, Affected Software 1
Positive Technologies
added 2026/05/08 12:0 a.m., 8 views

PT-2026-38722

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

CVSS 8.3, AI score 5.8, EPSS 0.0623
Exploits 0, References 16
CNNVD
added 2026/05/07 12:0 a.m., 4 views

Optoma CinemaX P2 security vulnerability

The Optoma CinemaX P2 is a super-short focal-length 4K laser home projector from Optoma. The Optoma CinemaX P2 has a security vulnerability, which stems from exposing the HTTP API on TCP port 2345 and allowing unauthorized remote control. This vulnerability could allow any device on the same...

CVSS 9.8, AI score 5.9, EPSS 0.00326
Exploits 0, References 2
GithubExploit
added 2026/05/06 7:55 p.m., 97 views

Exploit for Path Traversal in Samsung Magicinfo_9_Server

Samsung MagicINFO 9 Server Exploit CVE-2025-4632 This repos...

CVSS 9.8, AI score 7.7, EPSS 0.23953
Exploits 4
AstraLinux
added 2026/05/03 11:59 p.m., 7 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Security. The supported versions affected by this vulnerability are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9,...

CVSS 7.4, AI score 6.7, EPSS 0.00911
Exploits 0, References 1
Positive Technologies
added 2026/04/29 12:0 a.m., 4 views

PT-2026-36036

NEW THREAT INTEL: Qinglong Auth Bypass Chain to RCE - CVE-2026-3965 + CVE-2026-4047 CVSS 9.3 chained for unauth RCE on Qinglong = 2.20.1, dropping .fullgc cryptominer. 9 detections, 20 IOCs. https://t.co/dXJBNXiie3 ThreatIntel CyberSecurity RCE CVE https://t.co/PmenIBo9jX...

CVSS 6.5, AI score 6.8, EPSS 0.00441
Exploits 0, References 4
CNNVD
added 2026/04/29 12:0 a.m., 5 views

cPanel access control error vulnerability

cPanel is a web-based automated hosting platform developed by the cPanel company in the United States. This platform is primarily used for automating the management of websites and servers. cPanel has a vulnerability related to access control, which stems from an authentication bypass issue in th...

CVSS 9.8, AI score 6.1, EPSS 0.90543
Exploits 63, References 2
CVE
added 2026/04/14 12:8 a.m., 8 views

CVE-2026-34261

CVE-2026-34261 affects SAP Business Analytics and SAP Content Management. Root cause: missing authorization check enables an authenticated user to call certain remote function modules beyond their permissions. Impact: confidentiality is affected; no noted impact to integrity or availability. Expl...

CVSS 6.5, AI score 5.8, EPSS 0.00213
Exploits 0, References 2
Positive Technologies
added 2026/04/14 12:0 a.m., 4 views

PT-2026-32568

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects...

CVSS 6.5, AI score 5.8, EPSS 0.00213
Exploits 0, References 3
RedhatCVE
added 2026/03/10 2:8 p.m., 3 views

CVE-2025-41764

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates...

CVSS 9.1, AI score 5.9, EPSS 0.00407
Exploits 0, References 1
EUVD
added 2026/03/09 9:30 a.m., 5 views

EUVD-2025-208375

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates...

CVSS 9.1, AI score 5.9, EPSS 0.00407
Exploits 0, References 2
NVD
added 2026/03/09 9:16 a.m., 2 views

CVE-2025-41765

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and...

CVSS 9.1, EPSS 0.00265
Exploits 0, References 1
ATTACKERKB
added 2026/03/09 8:17 a.m., 4 views

CVE-2025-41764

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates...

CVSS 9.1, AI score 5.9, EPSS 0.00407
Exploits 0, References 2
Vulnrichment
added 2026/03/09 8:17 a.m., 2 views

CVE-2025-41764 Unchecked role in wwwupdate.cgi

Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates...

CVSS 9.1, AI score 5.9, EPSS 0.00407
Exploits 0, References 1
CNNVD
added 2026/03/04 12:0 a.m., 5 views

Apache ActiveMQ Artemis and Apache Artemis security vulnerability

Apache ActiveMQ Artemis and Apache Artemis are both products of the Apache Foundation in the United States. Apache ActiveMQ Artemis is a high-performance open-source message broker. Apache Artemis is a message broker software. Versions 2.50.0 to 2.51.0 of Apache Artemis, as well as versions 2.11....

CVSS 9.8, AI score 7.4, EPSS 0.08341
Exploits 1, References 4