| CVE | Vendors | Products | Updated | CVSS v3.1 |
| A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the `file` parameter to traverse directories and enumerate arbitrary files on the underlying filesystem. Because the script uses an insecure Perl file path handling function, an authenticated actor is able to perform directory traversal: the backup endpoint confirms that a file exists by indicating that the backup operation was successful, whereas the path of a nonexistent file returns a failed status. |
| Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol. |
| Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter. |
| Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information. |
| Authentication bypass in Brocade ASCG 3.4.0 could allow an unauthorized user to perform ASCG operations related to Brocade Support Link (BSL) and streaming configuration, and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric. |
| HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16. |
| Tanium addressed an improper input validation vulnerability in Discover. |
| OpenClaw versions prior to 2026.2.14 contain a server-side request forgery vulnerability in the optional Tlon Urbit extension that accepts user-provided base URLs for authentication without proper validation. Attackers who can influence the configured Urbit URL can induce the gateway to make HTTP requests to arbitrary hosts including internal addresses. |
| Tanium addressed an improper access controls vulnerability in Interact. |
| Tanium addressed an uncontrolled resource consumption vulnerability in Discover. |
| Tanium addressed an improper access controls vulnerability in Tanium Server. |
| OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and gain unauthorized access to restricted conversations. |
| Tanium addressed a denial of service vulnerability in Tanium Client. |
| Tanium addressed a local privilege escalation vulnerability in Tanium Module Server. |
| Tanium addressed a local privilege escalation vulnerability in Tanium Server. |
| Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server. |
| Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools. |
| Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. |
| Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal. |
| Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unavailability. |