Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Security Vulnerabilities366972
CVE-2026-49208
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 16:10
Updated-17 Jul, 2026 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symfony UX: Format-less date LiveProps parsed with the permissive DateTime constructor

Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, when a #[LiveProp] is typed as DateTimeInterface and no explicit format is configured, Symfony\UX\LiveComponent\LiveComponentHydrator::hydrateObjectValue() falls back to new $className($value), allowing client-supplied relative strings such as now, tomorrow, or +10 years to move a writable, format-less date prop past time-based business logic checks. This issue is fixed in versions 2.36.0 and 3.1.0.

Action-Not Available
Vendor-symfony
Product-ux
CWE ID-CWE-20
Improper Input Validation
CVE-2026-49210
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-2.3||LOW
EPSS-Not Assigned
Published-17 Jul, 2026 | 16:09
Updated-17 Jul, 2026 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symfony UX: XSS in symfony/ux-live-component via attacker-controlled child component tag

Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Util\ChildComponentPartialRenderer::createHtml() interpolates the client-controlled children[id].tag value from LiveComponentSubscriber and InterceptChildComponentRenderSubscriber directly into HTML as a tag name without escaping or validation, allowing arbitrary HTML, including <script> tags, on any Live Component re-render that contains at least one child component. This issue is fixed in versions 2.36.0 and 3.1.0.

Action-Not Available
Vendor-symfony
Product-ux
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-49212
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 16:03
Updated-17 Jul, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symfony UX: LiveComponentHydrator HMAC checksum lacks component and slot binding

Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, the HMAC computed by Symfony\UX\LiveComponent\LiveComponentHydrator covered only sorted prop key/value pairs and did not include the component name, the slot identifier (props vs propsFromParent), or request context, allowing a signed blob minted for one component or slot to be replayed in another and set a read-only prop on a target component. This issue is fixed in versions 2.36.0 and 3.1.0.

Action-Not Available
Vendor-symfony
Product-ux
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-49209
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 16:02
Updated-17 Jul, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symfony UX: Denial of service in symfony/ux-live-component via unbounded batch action requests

Symfony UX is a JavaScript ecosystem for Symfony. From 2.5.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Controller\BatchActionController::__invoke() iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry; because the array size is never bounded, an authenticated client can submit a single _batch request containing thousands of actions and exhaust CPU, memory, and database connections on the application server. This issue is fixed in versions 2.36.0 and 3.1.0.

Action-Not Available
Vendor-symfony
Product-ux
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-9588
Assigner-Security Risk Advisors (SRA)
ShareView Details
Assigner-Security Risk Advisors (SRA)
CVSS Score-7||HIGH
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:59
Updated-17 Jul, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Stored Cross-Site Scripting (XSS) in Switchvox SMB Web Portal

A stored cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997) within the voicemail notification template functionality. The submit_modify_voicemail_template endpoint fails to properly sanitize HTML content supplied by authenticated users, allowing malicious JavaScript supplied through the template_text parameter to be stored server-side and subsequently rendered to other users.

Action-Not Available
Vendor-Sangoma Technologies Corp.
Product-Switchvox SMB Edition
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-9587
Assigner-Security Risk Advisors (SRA)
ShareView Details
Assigner-Security Risk Advisors (SRA)
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:58
Updated-17 Jul, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Local File Inclusion (LFI) in Switchvox SMB Web Portal

An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The play_file functionality accepts user-controlled input through the sound_path parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying absolute paths, an authenticated attacker can retrieve files outside the intended directory scope.

Action-Not Available
Vendor-Sangoma Technologies Corp.
Product-Switchvox SMB Edition
CWE ID-CWE-73
External Control of File Name or Path
CVE-2026-9586
Assigner-Security Risk Advisors (SRA)
ShareView Details
Assigner-Security Risk Advisors (SRA)
CVSS Score-9.3||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:57
Updated-17 Jul, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated SQL Injection Leading to Remote Code Execution in Switchvox SMB

An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 (104997). The /pa endpoint processes XML content beginning with <PolycomIPPhone> and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated remote attacker can execute arbitrary SQL statements against the backend PostgreSQL database using a single crafted request, including database operations and remote code execution.

Action-Not Available
Vendor-Sangoma Technologies Corp.
Product-Switchvox SMB Edition
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-11763
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:56
Updated-17 Jul, 2026 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDOR in GIS Informatics' GisLab Laboratory Management System

Authorization bypass through User-Controlled key vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows Exploitation of Trusted Identifiers. This issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026.

Action-Not Available
Vendor-Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc.
Product-GisLab Laboratory Management System
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-9585
Assigner-Security Risk Advisors (SRA)
ShareView Details
Assigner-Security Risk Advisors (SRA)
CVSS Score-8.6||HIGH
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:56
Updated-17 Jul, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Reflected Cross-Site Scripting (XSS) in Switchvox SMB Web Portal

An unauthenticated reflected cross-site scripting (XSS) vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 (104997). The application fails to properly sanitize the portal parameter supplied to the invalid_browser and invalid_browser_login handlers. User-supplied data is reflected into JavaScript generated by the application, allowing attacker-controlled script execution within a victim's browser.

Action-Not Available
Vendor-Sangoma Technologies Corp.
Product-Switchvox SMB Edition
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-63101
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:51
Updated-17 Jul, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Event Server 1.19.1 Unauthenticated Member Roster Export via CSV Export Endpoint

Open Event Server through 1.19.1 contains a missing authentication vulnerability that allows unauthenticated attackers to export the complete member roster of any group, including email addresses, names, join dates, and roles, by submitting requests to the group followers CSV export endpoint which lacks any authentication decorator. Attackers can enumerate sequential group IDs via brute-force, trigger an export via the unauthenticated POST endpoint, then poll the unauthenticated task status endpoint until completion to retrieve a download URL containing the full member CSV.

Action-Not Available
Vendor-fossasia
Product-open-event-server
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-8297
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:50
Updated-17 Jul, 2026 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQLi in GIS Informatics' GisLab Laboratory Management System

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection. This issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026.

Action-Not Available
Vendor-Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc.
Product-GisLab Laboratory Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-58148
Assigner-Joomla! Project
ShareView Details
Assigner-Joomla! Project
CVSS Score-8.7||HIGH
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:48
Updated-17 Jul, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Joomla Extension - chronoengine.com - Stored XSS in ChronoForms extension for Joomla < 8.0.53

The Joomla extension ChronoForms is vulnerable to an unauthenticated stored XSS vulnerability.

Action-Not Available
Vendor-chronoengine.com
Product-ChronoForms extension for Joomla
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-60024
Assigner-Joomla! Project
ShareView Details
Assigner-Joomla! Project
CVSS Score-Not Assigned
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:47
Updated-17 Jul, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Joomla Extension - joomdonation.com - Insecure default configuration Events Booking < 5.8.0

The Joomla extension Events Booking prior version 5.8.0 did by default allow unauthenticated users to upload media assets.

Action-Not Available
Vendor-joomdonation.com
Product-Events Booking extension for Joomla
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2026-58149
Assigner-Joomla! Project
ShareView Details
Assigner-Joomla! Project
CVSS Score-Not Assigned
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:45
Updated-17 Jul, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Joomla Extension - joomdonation.com - User enumeration in Events Booking < 5.8.0

The Joomla extension Events Booking is vulnerable to an unauthenticated user enumeration that allows to retrieve account usernames and email addresses.

Action-Not Available
Vendor-joomdonation.com
Product-Events Booking extension for Joomla
CVE-2026-63100
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:45
Updated-17 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Maybe 0.6.0 Missing Authorization via HostingsController show/update

Maybe through 0.6.0 contains a missing authorization vulnerability that allows authenticated low-privilege member-role users to access and modify global hosting settings by exploiting unprotected show and update actions in the Settings::HostingsController, where the before_action ensure_admin filter is applied only to the clear_cache action. Attackers can read the operator's Synth API key rendered in plaintext via a form field value attribute, overwrite it with an attacker-controlled value, toggle public registration settings, and disable email confirmation requirements to disrupt the entire instance.

Action-Not Available
Vendor-maybe-finance
Product-maybe
CWE ID-CWE-862
Missing Authorization
CVE-2026-60025
Assigner-Joomla! Project
ShareView Details
Assigner-Joomla! Project
CVSS Score-Not Assigned
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:44
Updated-17 Jul, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Joomla Extension - joomdonation.com - User enumeration in Events Booking < 5.8.0

The Joomla extension Events Booking prior version 5.8.0 had an frontend file upload endpoint that lacked CSRF protection.

Action-Not Available
Vendor-joomdonation.com
Product-Events Booking extension for Joomla
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-63099
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:39
Updated-17 Jul, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TheHive 4.1.24 Broken Object Level Authorization via Attachment Download Endpoints

TheHive through 4.1.24 contains a broken object-level authorization vulnerability in the attachment download endpoints that allows any authenticated user to access attachments belonging to other organizations by supplying a content-hash identifier. Attackers can exploit the missing organization-scoped authorization check in AttachmentSrv.visible, which is implemented as a pass-through traversal, to download arbitrary attachments.

Action-Not Available
Vendor-TheHive-Project
Product-TheHive
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-63098
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:38
Updated-17 Jul, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TheHive 4.1.24 Unauthenticated Information Disclosure via /api/status Endpoint

TheHive through 4.1.24 contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by sending a GET request to the /api/status endpoint, which lacks authentication enforcement in the StatusCtrl.scala handler. Attackers can obtain the datastore attachment protection password, configured authentication providers, SSO settings, MFA capabilities, and clustered node addresses and roles without any credentials.

Action-Not Available
Vendor-TheHive-Project
Product-TheHive
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-63097
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:32
Updated-17 Jul, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dendrite 0.13.8 syncapi /context Endpoint Post-Leave State Exposure

Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint (syncapi/routing/context.go) that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while ignoring IsInRoom, HasBeenInRoom, and Membership fields. Attackers who have left a room can call the rooms context API endpoint for a previously permitted event and receive unfiltered current room state that the /messages and /sync endpoints correctly withhold.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-dendrite
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-63096
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:30
Updated-17 Jul, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dendrite 0.13.8 SSRF via Unauthenticated Legacy Media Download Endpoint

Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers can exploit distinguishable error response classes and leaked internal IP addresses in error messages to perform blind port scanning and enumerate internal network topology.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-dendrite
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-9537
Assigner-CPAN Security Group
ShareView Details
Assigner-CPAN Security Group
CVSS Score-Not Assigned
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:29
Updated-17 Jul, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mojo::JWT versions before 1.02 for Perl verify HMAC signatures with a non-constant-time string comparison

Mojo::JWT versions before 1.02 for Perl verify HMAC signatures with a non-constant-time string comparison. The decode() method compares the supplied signature to the recomputed HMAC with Perl's eq operator, which stops at the first differing byte, so the comparison time varies with the number of matching leading bytes. A caller that decodes attacker supplied tokens leaks the expected signature through this timing variation, which can be aggregated over many requests to recover the signature and forge a token.

Action-Not Available
Vendor-JBERGER
Product-Mojo::JWT
CWE ID-CWE-208
Observable Timing Discrepancy
CVE-2026-63095
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:27
Updated-17 Jul, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dendrite 0.13.8 Improper Authorization via POST account/3pid/delete Endpoint

Dendrite through 0.13.8 contains an improper authorization vulnerability in the Matrix Client-Server API that allows any authenticated local user to delete third-party identifier bindings belonging to other users by submitting an arbitrary address and medium to the account deletion endpoint without ownership verification. Attackers can exploit the unverified Forget3PID handler to remove a victim's email or MSISDN binding and subsequently rebind the address through an identity server to hijack the victim's password reset flow.

Action-Not Available
Vendor-The Matrix.org Foundation
Product-dendrite
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-15783
Assigner-GitHub, Inc. (Products Only)
ShareView Details
Assigner-GitHub, Inc. (Products Only)
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:20
Updated-17 Jul, 2026 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed reading private repository metadata via delegated bypass rule suites

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs, commit messages, and the pushing actor. The delegated bypass endpoint resolved a rule suite directly from an attacker-supplied, encoded identifier without verifying that the requesting user could read the rule suite's repository, and because these identifiers are sequential an attacker could enumerate them across the instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in versions 3.17.18, 3.18.12, 3.19.9, 3.20.5, and 3.21.3. This vulnerability was reported via the GitHub Bug Bounty program.

Action-Not Available
Vendor-GitHub, Inc.
Product-Enterprise Server
CWE ID-CWE-862
Missing Authorization
CVE-2026-14741
Assigner-CPAN Security Group
ShareView Details
Assigner-CPAN Security Group
CVSS Score-Not Assigned
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:20
Updated-17 Jul, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTTP::Date versions before 6.08 for Perl allow CPU exhaustion via polynomial regex backtracking in parse_date

HTTP::Date versions before 6.08 for Perl allow CPU exhaustion via polynomial regex backtracking in parse_date. parse_date() matches the date string against a chain of alternative regexes, and str2time() delegates to it. Several of these patterns place unbounded quantifiers next to each other before a trailing `\s*$` anchor. A valid date prefix followed by a long interior run of digits, letters, or whitespace and a single trailing byte that defeats the final match forces the engine to repartition the run, giving polynomial (about quadratic) backtracking. A header value of a few tens of kilobytes runs for tens of seconds of CPU. HTTP::Date parses timestamps such as HTTP `Date`, `Expires`, and `Last-Modified` headers, which commonly originate from untrusted sources. Any caller that passes an untrusted date header to str2time() or parse_date() can be driven to consume unbounded CPU, a denial of service.

Action-Not Available
Vendor-OALDERS
Product-HTTP::Date
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2026-15343
Assigner-GitHub, Inc. (Products Only)
ShareView Details
Assigner-GitHub, Inc. (Products Only)
CVSS Score-8.6||HIGH
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:18
Updated-17 Jul, 2026 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path traversal vulnerability in GitHub Enterprise Server allowed writing files to arbitrary repository paths, including GitHub Actions workflow files, via unchecked Dependabot dependency-file paths

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker who had code execution inside the Dependabot updater container to write files to arbitrary repository paths, including GitHub Actions workflow files under .github/workflows/ as the path validation did not check the effective path which the attacker could control through the dependency file's directory and symlink target. If the repository used a pull_request_target workflow or had auto-merge enabled, an injected workflow could execute with access to the repository's GitHub Actions secrets. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in versions 3.21.3, 3.20.5, 3.19.9, 3.18.12, 3.17.18.

Action-Not Available
Vendor-GitHub, Inc.
Product-Enterprise Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-15007
Assigner-GitHub, Inc. (Products Only)
ShareView Details
Assigner-GitHub, Inc. (Products Only)
CVSS Score-5.7||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:16
Updated-17 Jul, 2026 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via deeply nested YAML in release notes configuration

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parsed without a nesting depth limit, causing excessive resource consumption that could render the instance unresponsive. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in versions 3.17.18, 3.18.12, 3.19.9, 3.20.5, and 3.21.3. This vulnerability was reported via the GitHub Bug Bounty program.

Action-Not Available
Vendor-GitHub, Inc.
Product-Enterprise Server
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-12715
Assigner-f45cbf4e-4146-4068-b7e1-655ffc2c548c
ShareView Details
Assigner-f45cbf4e-4146-4068-b7e1-655ffc2c548c
CVSS Score-8.5||HIGH
EPSS-Not Assigned
Published-17 Jul, 2026 | 15:09
Updated-17 Jul, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization in Firebase Studio allows Cross-Tenant Source Code Theft

Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no customer action is needed.

Action-Not Available
Vendor-Google Cloud
Product-Firebase Studio
CWE ID-CWE-862
Missing Authorization
CVE-2026-14871
Assigner-Fluid Attacks
ShareView Details
Assigner-Fluid Attacks
CVSS Score-7.1||HIGH
EPSS-Not Assigned
Published-17 Jul, 2026 | 14:55
Updated-17 Jul, 2026 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
osTicket v1.18.3 - v1.17.7 - BOLA/IDOR in ticket field viewing allows cross-department data disclosure

osTicket versions v1.18.3 and v1.17.7 contain a Broken Object Level Authorization (BOLA) leading to Insecure Direct Object Reference (IDOR) in the AJAX ticket-management subsystem.

Action-Not Available
Vendor-osTicket
Product-osTicket
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-12705
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-5.9||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 14:30
Updated-17 Jul, 2026 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integrity mechanism of KNX-device FW-files can be bypassed in ABB Update Tool

Missing support for integrity check vulnerability in ABB KNX Update Tool (ABB), ABB KNX Update Tool (BJE). This issue affects KNX Update Tool (ABB): through 2.0.175; KNX Update Tool (BJE): through 2.0.175.

Action-Not Available
Vendor-ABB
Product-KNX Update Tool (ABB)KNX Update Tool (BJE)
CWE ID-CWE-353
Missing Support for Integrity Check
CVE-2026-63093
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-Not Assigned
Published-17 Jul, 2026 | 14:23
Updated-17 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cursor for Windows 3.2.16 RCE via Malicious git.exe in Workspace

Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves and executes the workspace-resident git.exe during IDE startup and on a recurring timed cadence without any user interaction, running the malicious binary under the privileges of the current user.

Action-Not Available
Vendor-Anysphere, Inc.
Product-Cursor
CWE ID-CWE-426
Untrusted Search Path
CVE-2026-63094
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-7.6||HIGH
EPSS-Not Assigned
Published-17 Jul, 2026 | 14:22
Updated-17 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SigNoz 0.133.0 SSO OAuth State Manipulation Session Token Theft

SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call the unauthenticated sessions context endpoint with a ref parameter pointing to an attacker-controlled host, deliver the resulting crafted login URL to a victim, and receive the victim's access and refresh tokens when they complete SSO authentication.

Action-Not Available
Vendor-SigNoz
Product-signoz
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-16089
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 14:15
Updated-17 Jul, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak-services: keycloak-services: authorization codes can be retargeted to another client session

A flaw was found in the keycloak-services component of Red Hat Build of Keycloak. The issue occurs because OAuth 2.0 authorization codes are not properly bound to the client that originally requested them. An attacker who can intercept an authorization code can modify it to be redeemed by their own client, potentially allowing them to obtain access tokens for a victim's identity.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Build of KeycloakRed Hat Data Grid 8Red Hat Single Sign-On 7
CVE-2026-16017
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 14:15
Updated-17 Jul, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mosaxiv clawlet cron Chat Tool tool_cron.go remove authorization

A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. Impacted is the function list/remove of the file tools/tool_cron.go of the component cron Chat Tool. The manipulation results in missing authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed with the label "not planned".

Action-Not Available
Vendor-mosaxiv
Product-clawlet
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-9592
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:51
Updated-17 Jul, 2026 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensitive Information Disclosure in HTTP header

SEPPmail Secure Email Gateway & SEPPmail Cloud before version 15.0.4.2 allows an attacker to replay & hijack a user session in the GINA web portal, as the session token is disclosed inside the URL and a HTTP header.

Action-Not Available
Vendor-SEPPmail
Product-SEPPmail Secure Email Gateway & SEPPmail Cloud
CWE ID-CWE-598
Use of GET Request Method With Sensitive Query Strings
CVE-2024-23572
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-4.2||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:51
Updated-17 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Action-Not Available
Vendor-HCLSoftware
Product-Aftermarket EPC
CWE ID-CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CVE-2024-23570
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-4.3||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:50
Updated-17 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL Aftermarket EPC is affected by clickjacking vulnerability Cross-Frame Scripting is an attack technique where an attacker loads a vulnerable application in an iFrame on his malicious site. The attacker can then launch a Clickjacking attack, which may lead to Phishing, Cross-Site Request Forgery, sensitive information leakage and more.

Action-Not Available
Vendor-HCLSoftware
Product-Aftermarket EPC
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-23578
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-4.2||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:50
Updated-17 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL Aftermarket EPC is vulnerable to attack as the application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain (*-Wildcard).

Action-Not Available
Vendor-HCLSoftware
Product-Aftermarket EPC
CWE ID-CWE-942
Permissive Cross-domain Policy with Untrusted Domains
CVE-2024-23569
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-4.3||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:49
Updated-17 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL Aftermarket EPC is vulnerable to attack since the server is not configured with “X-XSS-Protection" header

Action-Not Available
Vendor-HCLSoftware
Product-Aftermarket EPC
CWE ID-CWE-692
Incomplete Denylist to Cross-Site Scripting
CVE-2024-23577
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-4.3||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:46
Updated-17 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header poisoning, server misconfigurations.

Action-Not Available
Vendor-HCLSoftware
Product-Aftermarket EPC
CWE ID-CWE-20
Improper Input Validation
CVE-2024-23574
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:45
Updated-17 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL Aftermarket EPC is vulnerable to attack since It was found that a malicious actor can use brute-force techniques to either guess or confirm valid users in the system. Use renumeration is when a malicious actor can use brute-force techniques to either guess or confirm valid users in a system

Action-Not Available
Vendor-HCLSoftware
Product-Aftermarket EPC
CWE ID-CWE-204
Observable Response Discrepancy
CVE-2024-42214
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:45
Updated-17 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL Aftermarket EPC is vulnerable to attack since HTTP OPTIONS method is enabled on this web server. The OPTIONS method provides a list of the methods that are supported by the Web server which allows an attacker to narrow and intensify their efforts.

Action-Not Available
Vendor-HCLSoftware
Product-Aftermarket EPC
CWE ID-CWE-692
Incomplete Denylist to Cross-Site Scripting
CVE-2024-23575
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:43
Updated-17 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL Aftermarket EPC is vulnerable to attack since the application returns detailed error messages that leak information about the processing on the server. An attacker may use the contents of error messages to help launch another ,more focused attack.

Action-Not Available
Vendor-HCLSoftware
Product-Aftermarket EPC
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2024-23571
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-4.3||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:42
Updated-17 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL Aftermarket EPC is vulnerable to attack since the application does not have an appropriate caching policy specifying the extent to which the page and its form fields should be cached. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Action-Not Available
Vendor-HCLSoftware
Product-Aftermarket EPC
CWE ID-CWE-525
Use of Web Browser Cache Containing Sensitive Information
CVE-2024-23573
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-3.7||LOW
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:42
Updated-17 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL Aftermarket EPC is vulnerable to attack since the Application is vulnerable to Lucky 13. that makes the SS LLUCKY13 possible affects the TLS1.1and 1.2 and DTLS1.0 or 1.2 implementations . It also affects previous versions such as SSL3.0 and TLS1.0. This can also be considered a type of man-in-the-middle attack.

Action-Not Available
Vendor-HCLSoftware
Product-Aftermarket EPC
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2026-16072
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:40
Updated-17 Jul, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak-services: keycloak-services: organization invitation link exposure allows unauthorized member creation

A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface. By using this link, the administrator can create new user accounts and add them to the organization without having the required user management permissions or access to the invited email account. This allows an administrator to bypass security boundaries and add unauthorized members to an organization.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Build of KeycloakRed Hat Data Grid 8Red Hat Single Sign-On 7
CVE-2024-23568
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:38
Updated-17 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL Aftermarket EPC is vulnerable to attacks since the server software version used by the application is revealed by the web server. Displaying version information of software could allow an attacker to determine which vulnerabilities are present in the software, particularly if an outdated software version is in use with published vulnerabilities.

Action-Not Available
Vendor-HCLSoftware
Product-Aftermarket EPC
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-23565
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:36
Updated-17 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL Aftermarket EPC is vulnerable to email flooding as the application does not have a proper mail limitation mechanism at Forget Password functionality. The actor could b e a human or an automated process such as a virus or bot. This could be used to cause a denial of service, compromise program logic or other consequences.

Action-Not Available
Vendor-HCLSoftware
Product-Aftermarket EPC
CWE ID-CWE-799
Improper Control of Interaction Frequency
CVE-2024-23566
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-6.5||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:32
Updated-17 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL Aftermarket EPC is vulnerable to brute force attacks since application doesn’t have captcha implemented. It can lead to various security issues like brute force , automated attacks & account enumeration

Action-Not Available
Vendor-HCLSoftware
Product-Aftermarket EPC
CWE ID-CWE-804
Guessable CAPTCHA
CVE-2026-16016
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:30
Updated-17 Jul, 2026 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
poco-ai poco-claw task.py run_task server-side request forgery

A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function run_task of the file executor/app/api/v1/task.py. The manipulation of the argument callback_url leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The reported GitHub issue was closed automatically due to inactivity.

Action-Not Available
Vendor-poco-ai
Product-poco-claw
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-23567
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-4.3||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:28
Updated-17 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL Aftermarket EPC is affected by Sensitive Information in GET method & in URL which allows application to pass sensitive data via URL parameters during normal usage. Data passed in this manner can be exposed because it may end up stored in unintended locations, including server logs, local browser history and proxy logs.

Action-Not Available
Vendor-HCLSoftware
Product-Aftermarket EPC
CWE ID-CWE-804
Guessable CAPTCHA
CVE-2024-23564
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-9.1||CRITICAL
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:25
Updated-17 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL Aftermarket EPC is affected by Business Logic Vulnerability using which a non valid user of the application can obtain passwords from the server and redirect them to their own email address by manipulating the server's response. The application includes checks in the initial requests to verify the validity of the provided UserId, but similar validation is not applied to Email requests when sending passwords to user emails.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-Aftermarket EPC
CWE ID-CWE-326
Inadequate Encryption Strength
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 7339
  • 7340
  • Next