40 matches found
EUVD-2026-33921
CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity versions 14.0.7700 to 14.4.8152, 15.0.8200 to 15.0.8234, 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote unauthenticated attacker to...
OpenClaw Information Disclosure Vulnerability (CNVD-2026-14389)
OpenClaw is an open-source artificial intelligence assistant. OpenClaw has an information disclosure vulnerability that stems from insufficient protection of sensitive information in the tools.exec.safeBins function of the File Existence Handler component; an attacker can...
CVE-2025-15567
Insufficient protection mechanisms in the Health Module may lead to partial information disclosure...
GHSA-QHP6-6P8P-2RQH Wildfly Elytron integration susceptible to brute force attacks via CLI
Impact A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. Patches The default behaviour has been changed in...
Cisco IOS XE Cross-Site Request Forgery Vulnerability
Cisco IOS XE is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A cross-site request forgery vulnerability exists in Cisco IOS XE that stems from...
CVE-2024-56181
A vulnerability has been identified in SIMATIC Field PG M5 All versions, SIMATIC IPC BX-21A All versions V31.01.07, SIMATIC IPC BX-32A All versions V29.01.07, SIMATIC IPC BX-39A All versions V29.01.07, SIMATIC IPC BX-59A All versions V32.01.04, SIMATIC IPC PX-32A All versions V29.01.07, SIMATIC I...
ABB FLXeon Log Information Disclosure Vulnerability
The ABB FLXeon is a series of controllers from ABB Switzerland. ABB FLXeon version 9.3.4 and prior versions suffer from a log information disclosure vulnerability that stems from the application's inadequate protection of sensitive information and can be exploited by an attacker to obtain sensiti...
PT-2025-1215 · Microsoft · Windows Bitlocker +1
Name of the Vulnerable Software and Affected Versions: Windows BitLocker (affected versions not specified). Description: The issue is related to insufficient protection of system data in the BitLocker component of the Windows operating system. Exploitation of this issue may allow an attacker to...
CVE-2024-52872
In Flagsmith before 2.134.1, the getdocument endpoint is not correctly protected by permissions...
PT-2024-5684 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS (affected versions not specified). Description: The issue exists due to inadequate protection of the web page structure in the netshop module of the Netcat CMS system. This allows a remote attacker to execute arbitrary JavaScript code...
PT-2024-1032 · Microsoft · Message Queuing +1
Name of the Vulnerable Software and Affected Versions: Microsoft Message Queuing (affected versions not specified). Description: The issue is related to insufficient protection of service data in the Message Queuing component of Windows operating systems. It allows a remote attacker to gain...
Apache MINA Path Traversal Vulnerability
Apache MINA is a web application framework from the Apache Foundation of the United States. The product is mainly used to develop high-performance and highly scalable web applications. An information disclosure vulnerability exists in Apache MINA, which stems from insufficient protection of sensiti...
CVE-2022-22321
IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users are stored with a password hash that provides insufficient protection. IBM X-Force ID: 218368...
The vulnerability of the IBM Spectrum Protect Plus data protection software lies in its insufficient protection for registration data, allowing attackers to disclose the protected information.
The vulnerability of the IBM Spectrum Protect Plus data protection software platform lies in the insufficient protection of registration data. Exploiting this vulnerability can allow attackers to disclose the protected information...
PT-2021-7881 · Microsoft · Sharepoint Server
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified). Description: The issue is related to insufficient protection of service data in Microsoft SharePoint Server, allowing a remote attacker to gain unauthorized access to protected...
The vulnerability of the online business analytics service IBM Cognos Analytics, related to the lack of measures taken to protect the website structure, allows a perpetrator to carry out a cross-site scripting attack.
The vulnerability of the online business analytics service IBM Cognos Analytics is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the ev.ops configuration file of the JunOS Evolved operating system, which allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the ev.ops configuration file in the JunOS Evolved operating system is related to insufficient protection for registration data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the “fid” parameter in the Online-Exam-System software allows an attacker to execute arbitrary SQL queries.
The vulnerability of the “fid” parameter in the Online-Exam-System software involves a lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...
The vulnerability of the Red Hat OpenShift Container Platform enterprise platform arises from the lack of measures taken to protect the website structure, allowing attackers to expose authentication data.
The vulnerability of the Red Hat OpenShift Container Platform exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to obtain authentication credentials through a specially created link...
The vulnerability of the Firefox browser, related to the lack of measures taken to protect the structure of web pages, allows attackers to compromise data integrity.
The vulnerability of Firefox browsers is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to compromise the integrity of data...