The Aqara Cloud Production API (open-cn.aqara.com/v3.0/open/api) would authorize any valid developer token for access to any account. This is an in...
The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Cred...
A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on ...
CVE-2026-50751 — Check Point IKEv1 Authentication Bypass: Standalone proof-of-concept for CVE-2026-50751 — a critical Check Point IKEv1 authenticati...
The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attacke...
🚨 CVE-2026-35273 - Oracle PeopleSoft PeopleTools Unauthenticated Remote Code Execution: ⚠️ Critical Unauthenticated RCE in Oracle PeopleSoft Pe...
🚨 CVE-2026-48907 - JCE Joomla Content Editor Unauthenticated Remote Code Execution: ⚠️ Critical Unauthenticated RCE in JCE Joomla Content Edito...
CVE-2026-49777 - ShapedPlugin Product Slider Pro for WooCommerce Backdoor RCE: In-Depth Technical Analysis: Product Slider Pro Backdo...
CVE-2026-8809 Advanced Custom Fields: Extended = 0.9.2.5 - Unauthenticated Privilege Escalation via Validation Bypass to 'acfpostid' Parameter This...
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled, leading to unauthor...