15 matches found
CVE-2025-26346
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'" in maxprofile/menu/model.lua editUserGroupMenu endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP...
CVE-2025-26346
creationtimestamp| type| source ---|---|--- 2025-02-12 14:20:51+00:00| seen| https://infosec.exchange/users/cve/statuses/113991355640661536...
CVE-2025-26346
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'" in maxprofile/menu/model.lua editUserGroupMenu endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP...
CVE-2025-26346
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'" in maxprofile/menu/model.lua editUserGroupMenu endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP...
CVE-2025-26346
The CVE-2025-26346 entry concerns Q-Free MaxTime
CVE-2023-26346
creationtimestamp| type| source ---|---|--- 2023-03-29 00:55:58+00:00| seen| https://t.me/cibsecurity/60977...
CVE-2023-26346
CVE-2023-26346 affects Adobe Dimension up to version 3.4.7. The issue is an out-of-bounds read during USD file parsing, enabling information disclosure and potential bypass of ASLR. Exploitation requires user interaction (victim opens a crafted file). Connected sources confirm the vulnerability c...
Adobe Dimension < 3.4.8 Multiple Vulnerabilities (APSB23-20) (macOS)
The version of Adobe Dimension installed on the remote macOS host is prior to 3.4.8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB23-20 advisory. - Adobe Dimension versions 3.4.7 and earlier is affected by a Stack-based Buffer Overflow vulnerability that could...
CVE-2021-26346
CVE-2021-26346 affects AMD Secure Processor (ASP) bootloader: failure to validate the integer operand can enable an integer overflow in the L2 directory table in SPI flash, leading to potential denial of service. Affected by several AMD/industry advisories; mitigation requires firmware/BIOS updat...
CVE-2021-26346
Failure to validate the integer operand in ASP AMD Secure Processor bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service...
CVE-2020-26346
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...
CVE-2022-26346
The CVE-2022-26346 issue affects TCL LinkHub Mesh Wi‑Fi MS1G_00_01.00_14. Talos/TALOS-2022-1507 describes a denial-of-service arising from how the device processes ProtoBuffer messages over port 9003 in the ucloud_del_node path. Specifically, MxpManageList data is parsed in the confsrv handler, w...
TCL LinkHub Mesh Wifi ucloud_del_node denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1507 TCL LinkHub Mesh Wifi uclouddelnode denial of service vulnerability August 1, 2022 CVE Number CVE-2022-26346 SUMMARY A denial of service vulnerability exists in the uclouddelnode functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted...
CVE-2020-26346
...
CVE-2020-26346
This CVE entry is rejected and not used; it does not represent an active vulnerability.