1059 matches found
CVE-2026-22265
Roxy-WI CVE-2026-22265 describes a command-injection vulnerability in the log viewing functionality. The flaw exists in app/modules/roxywi/logs.py, line 87, where the grep parameter is used both sanitized and in raw form, enabling authenticated users to execute arbitrary system commands. Affected...
CVE-2026-22265 Roxy-WI has a Command Injection via grep parameter in logs.py allows authenticated RCE
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...
CVE-2025-68492
Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...
Roxy-WI operating system command injection vulnerability
Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions prior to Roxy-WI 8.2.8.2 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the log viewing feature’s ability to allow command...
PT-2026-3072
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...
Chainlit vulnerable to improper access restriction
Overview Chainlit provided by Chainlit contains the following vulnerability. Authorization bypass through user-controlled key CWE-639 - CVE-2025-68492 Shotaro Kimura of NRI SecureTechnologies, Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
CVE-2025-68492
Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...
CVE-2021-41584
Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response information disclosure of possibly sensitive build/configuration details via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header...
CVE-2023-49115
MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users...
CVE-2026-21684
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...
CVE-2026-21684
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...
EUVD-2026-1394
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...
CVE-2026-21684 iccDEV has Undefined Behavior in CIccTagSpectralViewingConditions()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...
CVE-2026-21684 iccDEV has Undefined Behavior in CIccTagSpectralViewingConditions()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...
CVE-2026-21684
iccDEV is affected in versions prior to 2.3.1.2, where Undefined Behavior occurs in CIccTagSpectralViewingConditions(). A patch is available in version 2.3.1.2. The vulnerability affects users processing ICC color profiles with iccDEV. No explicit exploitation details or in-the-wild activity are ...
CVE-2026-21684 iccDEV has Undefined Behavior in CIccTagSpectralViewingConditions()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in CIccTagSpectralViewingConditions. This vulnerability affects users of th...
iccDEV 安全漏洞
iccDEV is an open source color configuration codebase from the International Color Consortium. A security vulnerability exists in iccDEV versions prior to 2.3.1.2 that stems from undefined behavior in the CIccTagSpectralViewingConditions function...
PT-2026-2081
Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools for interacting with International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 exhibit Undefined Behavior within the...
CVE-2018-25139 FLIR AX8 Thermal Camera 1.32.16 Unauthenticated RTSP Stream Disclosure
FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage...
PT-2025-51322
Name of the Vulnerable Software and Affected Versions Misskey versions 13.0.0-beta.16 through 2025.12.0 Description Misskey is a federated social media platform. Users without the necessary permissions to view favorites or clips could export posts and access their contents. Recommendations Update...