14 matches found
CVE-2026-44440
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability on an endpoint allows an authenticated adjacent attacker to read arbitrary files. This vulnerability is...
CVE-2026-44440
ERPNext is affected by a path traversal vulnerability (CVE-2026-44440) in which an authenticated adjacent attacker can read arbitrary files due to improper limitation of a pathname to a restricted directory. The issue exists prior to versions 15.101.1 and 16.10.0 and is fixed in those releases. C...
CVE-2026-30816
An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device,...
CVE-2026-30817
An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device,...
CVE-2026-30817 Arbitrary File Reading Vulnerability in dnsmasq Module in TP-Link AX53
An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device,...
CVE-2026-30814
Affects TP-Link Archer AX53 v1.0. The vulnerability is a stack-based buffer overflow in the tmpServer module, allowing an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a crafted configuration file. Exploitation may crash the device and ...
CVE-2026-0655
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...
CVE-2026-0655
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...
CVE-2026-0654
Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availabili...
PT-2026-22661
Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availabili...
CVE-2025-15035
Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 vpn modules allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤...
CVE-2025-15035 Arbitrary File Deletion Vulnerability in TP-Link Archer AXE75
Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 vpn modules allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤...
PT-2022-2551 · Cisco · Cisco Umbrella Secure Web Gateway
Name of the Vulnerable Software and Affected Versions: Cisco Umbrella Secure Web Gateway SWG affected versions not specified Description: A vulnerability in the automatic decryption process could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies...
CVE-2019-15246
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters ATAs could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An...