41 matches found
CVE-2026-6146
Amazon::Credentials versions through 1.2.0 for Perl use rand to generate encryption keys. Amazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data dump of the object. Before version 1.3.0, the secrets were encrypted using a 64-bit key that was...
CVE-2026-6146
creationtimestamp | type | source
---|---|---
2026-05-11 19:47:06+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mlm23hs5hc2s
2026-05-11 19:47:06+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mlm23hs5hc2s
2026-05-11 21:34:10+00:00 | seen | ...
CVE-2025-6146
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to...
CVE-2025-6146
creationtimestamp | type | source
---|---|---
2025-06-16 23:40:58+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/18553
2025-06-17 00:32:47+00:00 | published-proof-of-concept | Telegram/1YjoRTNXMY4RH6kXSKEWMrI4TetFUtva-ZdtH-4HJXYyJM
2025-06-17 01:08:41+00:00 | seen | ...
CVE-2025-6146 TOTOLINK X15 HTTP POST Request formSysLog buffer overflow
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to...
CVE-2019-6146
It has been reported that cross-site scripting XSS is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 Medium /AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N...
RHEL 9 : python3.12 (RHSA-2024:6146)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6146 advisory. Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It...
Oracle Linux 9 : python3.12 (ELSA-2024-6146)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-6146 advisory. - Security fix for CVE-2024-8088 Resolves: RHEL-55964 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. No...
AlmaLinux 9 : python3.12 (ALSA-2024:6146)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:6146 advisory. cpython: python: email module doesn't properly quote newlines in email headers, allowing header injection CVE-2024-6923 Tenable has extracted the preceding...
PT-2024-6487 · Totolink · Totolink Ex1200T
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200L version 9.3.5u.6146 B20201023 Description: A critical vulnerability has been found in the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to a stack-based buffer...
CVE-2024-6146 Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability
Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this...
PT-2023-31745 · Totolink · Totolink Ex1200T
Name of the Vulnerable Software and Affected Versions: TOTOlink EX1200L version 9.3.5u.6146 B20201023 Description: The issue allows for arbitrary command execution via the "cstecgi.cgi" interface, specifically through the setOpModeCfg function. This could potentially be exploited through the...
PT-2023-31746 · Totolink · Totolink Ex1200T
Name of the Vulnerable Software and Affected Versions: TOTOlink EX1200L version 9.3.5u.6146 B20201023 Description: The issue allows for arbitrary command execution via the "cstecgi.cgi" interface, specifically through the UploadFirmwareFile function. This can be exploited through the /cstecgi.cgi...
CVE-2023-6146 Stored XSS Vulnerability in QualysGuard VM/PC
A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser details...
CVE-2020-6146
An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. When drawing the contents of a page and selecting the stroke color from an 'ICCBased' colorspace, the application will read a length from the file and use it as a loop...
CVE-2020-6146
Nitro Pro 13.13.2.242 and 13.16.2.300 contain a heap-based buffer overflow in ICCBased color space stroke rendering. During page drawing, the code reads a length from the file and uses it as a loop sentinel to write into a static 0x248-byte buffer, allowing an attacker to overflow the heap when t...
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting Exploit Author: Prasenjit Kanti Paul Vendor Homepage: https://www.forcepoint.com/ Software Link: https://www.forcepoint.com/product/cloud-security/web-security...
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
Exploit Title: Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting Exploit Author: Prasenjit Kanti Paul Vendor Homepage: https://www.forcepoint.com/ Software Link: https://www.forcepoint.com/product/cloud-security/web-security Version: Forcepoint Web Security 8.5 Tested on: Windows 7,10...