(0Day) ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based user interface. By navigating directly to a URL...

(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from the lack of proper...

(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from the lack of proper...

(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from the lack of proper...

PT-2026-2008

Name of the Vulnerable Software and Affected Versions ALGO 8180 IP Audio Alerter affected versions not specified Description A flaw exists in the web-based user interface of the ALGO 8180 IP Audio Alerter that allows remote attackers to execute arbitrary code. Authentication is required for...

PT-2026-2011

Name of the Vulnerable Software and Affected Versions ALGO 8180 IP Audio Alerter affected versions not specified Description A flaw exists in the web-based user interface of the ALGO 8180 IP Audio Alerter that allows remote attackers to execute arbitrary code. Authentication is required for...

PT-2026-2016

Name of the Vulnerable Software and Affected Versions ALGO 8180 IP Audio Alerter affected versions not specified Description A flaw exists in the ALGO 8180 IP Audio Alerter Web UI that allows remote attackers to execute web requests with a target user's privileges. Authentication is not required...

PT-2026-2010

Name of the Vulnerable Software and Affected Versions ALGO 8180 IP Audio Alerter affected versions not specified Description A flaw exists in the web-based user interface of the ALGO 8180 IP Audio Alerter that allows remote attackers to execute arbitrary code. Authentication is required for...

PT-2026-2017

Name of the Vulnerable Software and Affected Versions ALGO 8180 IP Audio Alerter affected versions not specified Description A flaw exists in the web-based user interface of the ALGO 8180 IP Audio Alerter, allowing remote attackers to disclose sensitive information. Authentication is not required...

(0Day) Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of credentials provided to the endpoint. The issue results fro...

EUVD-2026-1623

Malicious code in @kyriba/ui-workspace npm...

CUPS: Local denial-of-service via cupsd.conf update and related issues

A flaw was found in cups. A user in group defined by SystemGroup directive in /etc/cups/cups-files.conf can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write...

EUVD-2026-1477

NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by ui.subpages, combined with attacker-controlled link rendering on the page, causes XSS when the user actively clicks on the link. This issue has been patched in versi...

Amazon Linux 2023 : cups, cups-client, cups-devel (ALAS2023-2025-1320)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1320 advisory. A client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other clients. CVE-2025-58436 A user in the...

CVE-2025-62224

User interface ui misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network...

CVE-2025-31962

Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods...

CVE-2019-16468

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure...

CVE-2019-16248

The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that a sender can remove a recipient's copy of a previously sent image analogous to supported...

CVE-2024-2241

Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions...

CVE-2025-1826

IBM Engineering Requirements Management DOORS Next IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in t...