CVE-2021-41302

Same vendor

• CVE-2021-41301 — ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GE... (9.8 CRITICAL)
• CVE-2021-41300 — ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page ... (9.8 CRITICAL)
• CVE-2021-41299 — ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain adminis... (9.8 CRITICAL)
• CVE-2021-41298 — ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects ... (8.8 HIGH)
• CVE-2021-41297 — ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclos... (8.8 HIGH)

Same CWE

• CVE-2026-46622 — SolidInvoice is an open-source invoicing platform (8.1 HIGH)
• CVE-2026-53442 — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job c... (5.3 MEDIUM)
• CVE-2026-10786 — Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain... (6.5 MEDIUM)
• CVE-2026-36176 — GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console (7.1 HIGH)
• CVE-2026-4387 — StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a...