26 matches found

OSV · added 2026/04/21 12:1 p.m.

BIT-AIRFLOW-2026-30912 Apache Airflow: Exposing stack trace in case of constraint error

In the case of SQL errors, the exception/stack trace was exposed in the API even when "api/exposestacktraces" was set to false, which could disclose additional information to a potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue...

CVSS 7.5 · AI score 5.8 · EPSS 0.00095 · Exploits 0 · References 4
NVD · added 2026/04/03 8:16 p.m.

CVE-2026-28798

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a proxy endpoint /v1/sys/proxy exposed by ZimaOS's web interface can be abused via an externally reachable domain using a Cloudflare Tunnel to make requests to internal localhost...

CVSS 10 · EPSS 0.0008 · Exploits 1 · References 2
EUVD · added 2026/04/02 6:29 p.m.

EUVD-2026-18502

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

CVSS 5.3 · AI score 5.8 · EPSS 0.00093 · Exploits 0 · References 2
CVE · added 2026/03/31 1:24 a.m.

CVE-2026-4020

Gravity SMTP for WordPress versions up to 2.1.4 exposes a REST endpoint at /wp-json/gravitysmtp/v1/tests/mock-data whose permission_callback always returns true, allowing unauthenticated access. When the ?page=gravitysmtp-settings parameter is used, register_connector_data() populates internal da...

CVSS 7.5 · AI score 5.9 · EPSS 0.12901 · In the wild · Exploits 0 · References 7
OSV · added 2026/03/18 5:47 p.m.

CVE-2026-32632 Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding

Glances is an open-source cross-platform system monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...

CVSS 5.9 · AI score 6 · EPSS 0.00028 · Exploits 1 · References 5
Vulnrichment · added 2026/03/18 5:18 a.m.

CVE-2026-32596 Glances exposes the REST API without authentication

Glances is an open-source cross-platform system monitoring tool. Prior to 4.5.2, the Glances web server runs without authentication by default when started with glances -w, exposing a REST API with sensitive system information, including process command lines containing credentials such as passwords, API keys,...

CVSS 8.7 · AI score 5.8 · EPSS 0.04747 · Exploits 1 · References 3
Tenable Nessus · added 2026/03/18 12:0 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-32632

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Glances is an open-source cross-platform system monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5....

CVSS 5.9 · AI score 5.9 · EPSS 0.00028 · Exploits 1 · References 3
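The two Glances entries above (CVE-2026-32632 from OSV and the Tenable Nessus plugin for the same CVE) describe one gap: a service listening on localhost that answers any Host header is reachable from a victim's browser through DNS rebinding, because the attacker's page resolves its own hostname to 127.0.0.1 and the browser then sends that hostname in the Host header. The check that closes it is a Host allowlist applied before any handler runs, which is what Starlette's TrustedHostMiddleware does for a FastAPI app. The block below is an added illustration of that check written as a plain WSGI middleware; it is not Glances's code, and the allowlist contents, the /api/4/cpu path and the JSON payload are assumptions made for the example.

```python
"""Host-header allowlisting against DNS rebinding.

Added illustration, not Glances's code.  ALLOWED_HOSTS, the /api/4/cpu
path and the JSON payload are assumptions made for the example.
"""
import ipaddress

# Names this service is willing to answer for (assumed configuration).
ALLOWED_HOSTS = frozenset({"localhost", "127.0.0.1", "::1", "glances.internal"})


def host_is_trusted(host_header, allowed=ALLOWED_HOSTS):
    """Return True only if the Host header names a host in ``allowed``.

    Strips an optional port, accepts bracketed IPv6 literals and ignores
    case.  A rebinding page sends its own hostname ("attacker.example"),
    which is not on the list, so the request is refused even though the
    TCP connection arrived on 127.0.0.1.
    """
    if not host_header:
        return False
    host = host_header.strip().lower()
    if host.startswith("["):                       # "[v6]" or "[v6]:port"
        end = host.find("]")
        if end == -1:
            return False
        name, rest = host[1:end], host[end + 1:]
        try:
            ipaddress.IPv6Address(name)
        except ValueError:
            return False
        if rest and not (rest.startswith(":") and rest[1:].isdigit()):
            return False
    else:                                          # "name" or "name:port"
        name, _, port = host.partition(":")
        if port and not port.isdigit():
            return False
    return name in allowed


def trusted_host_middleware(app, allowed=ALLOWED_HOSTS):
    """Wrap a WSGI app so an untrusted Host header gets a 400 before the app runs."""
    def guarded(environ, start_response):
        if not host_is_trusted(environ.get("HTTP_HOST"), allowed):
            body = b"Invalid Host header\n"
            start_response("400 Bad Request",
                           [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(body)))])
            return [body]
        return app(environ, start_response)
    return guarded


def monitoring_app(environ, start_response):
    """Stand-in for the monitoring REST API; the payload is a constructed sample."""
    body = b'{"cpu": {"total": 12.5}}'
    start_response("200 OK", [("Content-Type", "application/json"),
                              ("Content-Length", str(len(body)))])
    return [body]


app = trusted_host_middleware(monitoring_app)


def call(wsgi_app, host_header, path="/api/4/cpu"):
    """Drive a WSGI app with a constructed GET request; return (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path,
               "SERVER_NAME": "127.0.0.1", "SERVER_PORT": "61208",
               "wsgi.url_scheme": "http"}
    if host_header is not None:                    # None = header absent
        environ["HTTP_HOST"] = host_header
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"] = status

    body = b"".join(wsgi_app(environ, start_response))
    return seen["status"], body


if __name__ == "__main__":
    for h in ("localhost:61208", "[::1]:61208", "attacker.example", None):
        print(h, "->", call(app, h)[0])
```

To serve it for real, hand `app` to `wsgiref.simple_server.make_server("127.0.0.1", 61208, app).serve_forever()`. Two caveats a practitioner should keep in mind: the allowlist must be exact names, not suffix matches (otherwise `localhost.attacker.example` would pass), and a Host check only stops browser-mediated rebinding; it is no substitute for the authentication the CVE-2026-32596 entry below says the server lacked.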
OSV · added 2026/03/09 8:16 p.m.

DEBIAN-CVE-2026-0846

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

CVSS 7.5 · AI score 8.1 · EPSS 0.00088 · Exploits 1 · References 1
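The nltk entry above describes the classic shape of an arbitrary file read: a helper that opens whatever path the caller names. The block below is an added illustration of the check a hardened version needs, not nltk's code; the function names, the sample directory and the stopwords file are constructed for the example. The order of operations is the point: anchor the user's path under a base directory, resolve it fully so that `..` segments and symlinks are gone, and only then test containment and file type.

```python
"""Confining a user-supplied path to a base directory before opening it.

Added illustration, not nltk's code.  resolve_confined, filestring_confined
and the constructed sample directory are assumptions made for the example.
"""
import tempfile
from pathlib import Path


def resolve_confined(user_path, base_dir):
    """Map ``user_path`` under ``base_dir`` and refuse anything that escapes.

    The path is treated as relative to base_dir even when it is absolute,
    is fully resolved (so '..' segments and symlinks are gone) before the
    containment check, and must end up at a regular file.  Any violation
    raises ValueError instead of opening the file.
    """
    base = Path(base_dir).resolve()
    requested = Path(user_path)
    # Drop a leading anchor so "/etc/passwd" is treated as "etc/passwd".
    parts = [p for p in requested.parts if p != requested.anchor]
    candidate = base.joinpath(*parts).resolve()
    # Containment is checked on the resolved path: a '..' that climbed out,
    # or a symlink pointing outside base, now shows up as a foreign prefix.
    if candidate == base or base not in candidate.parents:
        raise ValueError(f"path is not inside the base directory: {user_path!r}")
    if not candidate.is_file():
        raise ValueError(f"not a regular file: {user_path!r}")
    return candidate


def filestring_confined(user_path, base_dir):
    """Hardened counterpart of 'read the file the caller named'."""
    with open(resolve_confined(user_path, base_dir), "rb") as fh:
        return fh.read().decode("utf-8", errors="replace")


def build_sandbox():
    """Create a throwaway base directory holding one readable file
    (constructed sample data) and return its path as a string."""
    root = Path(tempfile.mkdtemp(prefix="confined-"))
    (root / "corpora").mkdir()
    (root / "corpora" / "stopwords.txt").write_text("a\nan\nthe\n")
    return str(root)


def is_rejected(user_path, base_dir):
    """True if the confined reader refuses ``user_path`` with ValueError."""
    try:
        filestring_confined(user_path, base_dir)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    root = build_sandbox()
    print(filestring_confined("corpora/stopwords.txt", root).split())
    for bad in ("../../etc/passwd", "/etc/passwd",
                "corpora/../../etc/shadow", "corpora"):
        print(bad, "->", "rejected" if is_rejected(bad, root) else "ALLOWED")
```

Because the containment test runs on the resolved path, a symlink dropped inside the base directory that points at `/etc/passwd` is rejected the same way as a `..` chain; checking the raw string for `..` would miss it. The absolute form `/etc/passwd` is not an escape here at all: its anchor is stripped and it is looked up under the base directory, where it does not exist.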
NVD · added 2025/12/04 10:15 p.m.

CVE-2025-10285

The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password...

CVSS 7.4 · EPSS 0.00025 · Exploits 0 · References 1
CNNVD · added 2025/12/01 12:0 a.m.

Kerlink KerOS security vulnerability

Kerlink KerOS is an operating system from the French company Kerlink. A security vulnerability exists in Kerlink KerOS versions prior to 5.10: the web interface is exposed over HTTP only, with no HTTPS support, which could allow a man-in-the-middle attack...

CVSS 7.4 · AI score 6.5 · EPSS 0.00015 · Exploits 0 · References 3
RedhatCVE · added 2025/05/23 6:5 a.m.

CVE-2023-30467

This vulnerability exists in Milesight 4K/H.265 Series NVR models MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC, due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially...

CVSS 9.8 · AI score 6.8 · EPSS 0.00847 · Exploits 0 · References 1
Positive Technologies · added 2024/06/26 12:0 a.m.

PT-2024-20069 · Hms · Hms Anybus X-Gateway Ab7832-F

Name of the Vulnerable Software and Affected Versions: HMS Anybus X-Gateway AB7832-F 3 devices Description: The issue concerns the exposure of a web interface on port 80, allowing an unauthenticated GET request to a specific URL to trigger the reboot of the gateway or most of its modules. This ca...

CVSS 7.5 · AI score 9.2 · EPSS 0.00277 · Exploits 0 · References 4
OSV · added 2024/03/12 11:15 a.m.

CVE-2024-22045

A vulnerability has been identified in SINEMA Remote Connect Client (all versions prior to V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also...

CVSS 6.5 · AI score 5.7 · EPSS 0.00355 · Exploits 0 · References 1
Positive Technologies · added 2024/03/12 12:0 a.m.

PT-2024-2147 · Siemens · Sinema Remote Connect Client

Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Client versions prior to V3.1 SP1 Description: A vulnerability has been identified in the SINEMA Remote Connect Client, where sensitive information is placed into files or directories that are accessible to actors who ar...

CVSS 7.6 · AI score 7 · EPSS 0.00355 · Exploits 0 · References 6
OSV · added 2023/08/15 7:15 p.m.

CVE-2023-4328

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows...

CVSS 5.5 · AI score 5.8 · Exploits 0 · References 2
Positive Technologies · added 2023/08/15 12:0 a.m.

PT-2023-28752 · Broadcom · Broadcom Raid Controller

Name of the Vulnerable Software and Affected Versions: Broadcom RAID Controller affected versions not specified Description: The Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data. The keys used for encryption are accessible to any local user on Linux...

CVSS 5.5 · AI score 6.3 · EPSS 0.00024 · Exploits 0 · References 7
CNNVD · added 2023/07/05 12:0 a.m.

TYAN Tempest CX S5552 security vulnerability

The TYAN Tempest CX S5552 is TYAN's server motherboard for the Xeon E-Series. A security vulnerability exists in TYAN Tempest CX S5552 version 3.00: an externally accessible file or directory in the web interface could allow an unauthenticated,...

CVSS 5.8 · AI score 5.2 · EPSS 0.0009 · Exploits 0 · References 2
OSV · added 2023/06/07 8:15 p.m.

UBUNTU-CVE-2023-34237

SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the...

CVSS 9.8 · AI score 6.4 · EPSS 0.03673 · Exploits 0 · References 6
Positive Technologies · added 2022/05/19 12:0 a.m.

PT-2022-13869 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 1.0.2 through 14.8.6 GitLab CE/EE versions 14.9.0 through 14.9.4 GitLab CE/EE versions 14.10.0 through 14.10.1 Description: The issue is related to missing input masking in GitLab CE/EE, which causes potentially sensitiv...

CVSS 7.5 · AI score 7.1 · EPSS 0.00209 · Exploits 0 · References 7
CNNVD · added 2022/05/04 12:0 a.m.

Secomea GateManager security vulnerability

Secomea GateManager is a remote access server product from the Danish company Secomea. A security vulnerability exists in Secomea GateManager versions prior to 9.7, stemming from an information exposure in the GateManager Web UI, which could be exploited by an attacker to allow logged-in...

CVSS 4.3 · AI score 5.3 · EPSS 0.00347 · Exploits 0 · References 2