Browse and filter security vulnerabilities across ecosystems
Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users
Initialization of a resource with an insecure default in XCharge C6
phpMyFAQ - Authentication Bypass via Empty API Token
NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initializa...
Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS
Algernon: Single-file mode unconditionally enables debug mode
SiYuan: Stored XSS via Attribute View name to Electron renderer RCE in SiYuan
SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS
AntSword: Incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection
Insecure Default Initialization in API Authentication leads to Authentication Bypass
Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server
Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place
New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation
OpenClaw < 2026.4.10 - Chrome DevTools Protocol Exposure via Overly Broad CDP Relay Binding
Vvveb < 1.0.8.2 Information Disclosure via Debug Exception Handler
HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only
OpenClaw < 2026.4.14 - Server-Side Request Forgery via Private Network Navigation
BridgeHead FileStore < 24A Apache Axis2 Default Credentials RCE