355 matches found

Cvelist
added 2 days ago, 24 views

CVE-2021-4479 Dräger Atlan A350 1.00-1.01 DoS via Medibus Interface

Dräger Atlan A350 software versions 1.00 through 1.01 contain an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can transmit malformed data to overload th...

CVSS 6.3, EPSS 0.00043
Exploits: 0, References: 2

CVE
added 2 days ago, 8 views

CVE-2026-8422

CVE-2026-8422 concerns the WordPress plugin Remove meta boxes per user role (versions up to and including 1.01). The vulnerability stems from missing or incorrect nonce validation on the remove-meta-boxes-per-user-role page, enabling CSRF. This could allow unauthenticated attackers to modify or r...

CVSS 4.3, AI score 5.7, EPSS 0.00015
Exploits: 0, References: 7

Cvelist
added 2 days ago, 28 views

CVE-2026-8422 Remove meta boxes per user role <= 1.01 - Cross-Site Request Forgery to Settings Update

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

CVSS 4.3, EPSS 0.00015
Exploits: 0, References: 7

Positive Technologies
added 2 days ago, 5 views

PT-2026-45815

Name of the Vulnerable Software and Affected Versions: Dräger Atlan A350 versions 1.00 through 1.01. Description: Improper input handling allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Transmitting malformed dat...

CVSS 6.3, AI score 5.8, EPSS 0.00043
Exploits: 0, References: 4

Positive Technologies
added 2 days ago, 6 views

PT-2026-45709

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

CVSS 4.3, AI score 5.7, EPSS 0.00015
Exploits: 0, References: 8

Patchstack
added 3 days ago, 8 views

WordPress Remove meta boxes per user role plugin <= 1.01 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin Remove meta boxes per user role versions <= 1.01...

CVSS 4.3, AI score 5.8, EPSS 0.00015
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2026/05/20 1:25 a.m., 6 views

CVE-2026-7462

The VatanSMS WP SMS plugin for WordPress is affected by a Reflected Cross-Site Scripting (XSS) vulnerability via the page parameter in all versions up to 1.01. Root cause: insufficient input sanitization and output escaping. Impact: unauthenticated attackers could inject arbitrary scripts into pa...

CVSS 6.1, AI score 6, EPSS 0.00095
Exploits: 0, References: 4

EUVD
added 2026/05/20 1:25 a.m., 4 views

EUVD-2026-31027

The VatanSMS WP SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 1.01. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVSS 6.1, AI score 6, EPSS 0.00095
Exploits: 0, References: 4

Vulnrichment
added 2026/05/20 1:25 a.m., 5 views

CVE-2026-7462 VatanSMS WP SMS <= 1.01 - Reflected Cross-Site Scripting via 'page' Parameter

The VatanSMS WP SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 1.01. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVSS 6.1, AI score 6, EPSS 0.00095
Exploits: 0, References: 4

Cvelist
added 2026/05/20 1:25 a.m., 32 views

CVE-2026-7462 VatanSMS WP SMS <= 1.01 - Reflected Cross-Site Scripting via 'page' Parameter

The VatanSMS WP SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 1.01. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVSS 6.1, EPSS 0.00095
Exploits: 0, References: 4

RedhatCVE
added 2026/04/14 1:22 a.m., 5 views

CVE-2026-5815

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only...

CVSS 9, AI score 6.3, EPSS 0.00109
Exploits: 0, References: 1

CNNVD
added 2026/04/09 12:0 a.m., 2 views

D-Link DIR-645 Security Vulnerability

The D-Link DIR-645 is a wireless router produced by D-Link Corporation. Versions 1.01, 1.02, and 1.03 of the D-Link DIR-645 contain security vulnerabilities. These vulnerabilities stem from a stack-based buffer overflow vulnerability in the function hedwigcgi_main located in the /cgi-bin/hedwig.cg...

CVSS 9, AI score 7.7, EPSS 0.00109
Exploits: 0, References: 6

Vulnrichment
added 2026/04/08 11:15 p.m., 5 views

CVE-2026-5815 D-Link DIR-645 hedwig.cgi hedwigcgi_main stack-based overflow

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only...

CVSS 9, AI score 6.3, EPSS 0.00109
Exploits: 0, References: 6

RedhatCVE
added 2026/03/28 4:59 p.m., 1 view

CVE-2023-7339

Stack-based buffer overflow vulnerability in Softing Industrial Automation GmbH gateways allows overflow buffers. This issue affects pnGate: through 1.30; epGate: through 1.30; mbGate: through 1.30; smartLink HW-DP: through 1.30; smartLink HW-PN: through 1.01...

CVSS 6.5, AI score 6.1, EPSS 0.0002
Exploits: 0, References: 1

Positive Technologies
added 2026/02/22 12:0 a.m., 4 views

PT-2026-21429

Name of the Vulnerable Software and Affected Versions: Tosei Online Store Management System version 1.01. Description: A security flaw exists in the function system of the /cgi-bin/monitor.php file within the HTTP POST Request Handler component. Manipulation of the DevId argument results in operatin...

CVSS 7.5, AI score 7.3, EPSS 0.0033
Exploits: 1, References: 8

CNNVD
added 2026/02/22 12:0 a.m., 4 views

Tosei Online Store Management System Operating System Command Injection Vulnerability

Tosei Online Store Management System is an online store management system developed by Tosei Corporation. Version 1.01 of the Tosei Online Store Management System contains a vulnerability related to operating system command injection. This vulnerability arises from incorrect handling of the...

CVSS 9.8, AI score 7.1, EPSS 0.0033
Exploits: 1, References: 4

NVD
added 2026/01/29 3:16 p.m., 6 views

CVE-2020-37005

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...

CVSS 7.1, EPSS 0.00044
Exploits: 0, References: 3

CNNVD
added 2026/01/29 12:0 a.m., 2 views

TimeClock SQL injection vulnerability

TimeClock is a time management software developed by TimeClock Corporation. Version 1.01 of TimeClock contains a SQL injection vulnerability. This vulnerability stems from the notes parameter in the addentry.php endpoint, which allows for time-based SQL injections, potentially enabling enumeratio...

CVSS 7.1, AI score 5.9, EPSS 0.00044
Exploits: 0, References: 4

RedhatCVE
added 2026/01/20 11:26 p.m., 2 views

CVE-2026-1192

A vulnerability was determined in Tosei Online Store Management System ネット店舗管理システム 1.01. The affected element is an unknown function of the file /cgi-bin/imodealldata.php. Executing a manipulation of the argument DevId can lead to command injection. The attack can be executed remotely. The exploi...

CVSS 7.5, AI score 7.1, EPSS 0.01816
Exploits: 1, References: 1

CNNVD
added 2026/01/19 12:0 a.m., 0 views

Tosei Online Store Management System Command Injection Vulnerability

Tosei Online Store Management System is an online store management system developed by Tosei Corporation. Version 1.01 of the Tosei Online Store Management System contains a command injection vulnerability. This vulnerability arises from incorrect handling of the parameter DevId in the...

CVSS 7.5, AI score 7.1, EPSS 0.01816
Exploits: 1, References: 5