21 matches found

Cvelist
added 6 days ago · 31 views

CVE-2026-36610

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...

0.00019 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2026/05/18 12:0 a.m. · 7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glib2 (UTSA-2026-021480)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021480 advisory. A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the...

4.2 CVSS · 5.8 AI score · 0.00019 EPSS
Exploits 1 · References 4

EUVD
added 2026/05/12 3:31 p.m. · 5 views

EUVD-2026-29468

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8 CVSS · 5.8 AI score · 0.00012 EPSS
Exploits 0 · References 2

CVE
added 2026/04/29 8:30 a.m. · 5 views

CVE-2026-42517

The CVE-2026-42517 entry affects the e-Sushrut HMIS system, where a vulnerability arises from using reversible Base64 encoding to protect sensitive data. The root cause is that sensitive parameters in the request URL are Base64-encoded rather than securely protected, allowing an authenticated att...

7.1 CVSS · 5.3 AI score · 0.00059 EPSS
Exploits 0 · References 1

CNNVD
added 2026/04/29 12:0 a.m. · 6 views

CDAC e-Sushrut Security Vulnerability

CDAC e-Sushrut is a system platform provided by the Indian CDAC company that handles hospital information management and medical process support. There is a security vulnerability in CDAC e-Sushrut. This vulnerability stems from the use of reversible Base64 encoding to protect sensitive data. It...

7.1 CVSS · 5.8 AI score · 0.00059 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2026/04/23 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-6019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - http.cookies.Morsel.jsoutput returns an inline snippet and only escapes for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence...

6.1 CVSS · 5.8 AI score · 0.00082 EPSS
Exploits 1 · References 4

OSV
added 2026/04/07 3:17 p.m. · 4 views

PYSEC-2026-48

An issue was discovered in Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...

6.5 CVSS · 5.8 AI score · 0.00049 EPSS
Exploits 1 · References 3

Vulnrichment
added 2026/03/20 1:2 p.m. · 2 views

CVE-2026-31381 Gainsight Assist plugin information disclosure

An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callback URL...

5.3 CVSS · 5.8 AI score · 0.00014 EPSS
Exploits 0 · References 2

OSV
added 2026/02/02 12:37 p.m. · 2 views

SUSE-SU-2026:20221-1 Security update for glib2

This update for glib2 fixes the following issues:
- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64...

5.4 CVSS · 6 AI score · 0.00029 EPSS
Exploits 1 · References 9

CVE
added 2026/01/07 4:10 p.m. · 7 views

CVE-2026-22543

CVE-2026-22543 affects devices whose web server accepts credentials in Base64 in HTTP headers. The base64 credential transmission is not encryption, enabling an attacker who can observe the login request to obtain credentials. Connected sources (including Red Hat, CIRCL sighting, NVD, CNNVD, and ...

6.9 CVSS · 6.5 AI score · 0.00007 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/12/29 5:54 a.m. · 4 views

CVE-2025-54322

Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used...

10 CVSS · 8.1 AI score · 0.00294 EPSS
Exploits 2 · References 1

EUVD
added 2025/10/15 3:30 p.m. · 3 views

EUVD-2025-34619

Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts...

6.4 CVSS · 6.5 AI score · 0.00069 EPSS
Exploits 1 · References 2

Cvelist
added 2025/10/15 12:0 a.m. · 6 views

CVE-2025-56748

Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts...

0.00069 EPSS
Exploits 1 · References 1

Positive Technologies
added 2025/10/06 12:0 a.m. · 7 views

PT-2025-40853

Name of the Vulnerable Software and Affected Versions: The Ultimate Addons for Elementor (formerly Elementor Header & Footer Builder) versions prior to 2.5.0. Description: The software does not properly sanitize SVG file contents when uploaded. This occurs when using the xmlrpc.php endpoint with base6...

4.3 CVSS · 6 AI score · 0.00027 EPSS
Exploits 0 · References 6

Positive Technologies
added 2024/09/10 12:0 a.m. · 3 views

PT-2024-9093 · Zabbix +4 · Zabbix +4

Name of the Vulnerable Software and Affected Versions: Zabbix (affected versions not specified). Description: The issue is related to a buffer overflow in the str base64 encode rfc2047 function of the Zabbix server, which is part of a universal monitoring system. This can be exploited by a remote...

9.9 CVSS · 7.6 AI score · 0.91398 EPSS
Exploits 13 · References 63

BDU FSTEC
added 2022/12/07 12:0 a.m. · 1 views

The vulnerability of Fortinet’s antivirus scanning system for FortiOS operating systems and FortiMail email protection systems allows attackers to bypass security restrictions.

The vulnerability of Fortinet’s antivirus software for FortiOS operating systems and the FortiMail email protection system is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions using MIME content wi...

4.7 CVSS · 0.00118 EPSS
Exploits 0 · References 3 · Affected Software 3

Positive Technologies
added 2022/11/01 12:0 a.m. · 2 views

PT-2022-5767 · Fortinet · Forticlient +2

Name of the Vulnerable Software and Affected Versions: FortiClient, FortiMail, and FortiOS AV engines versions 6.2.168 and below; FortiClient, FortiMail, and FortiOS AV engines versions 6.4.274 and below. Description: The issue is related to insufficient verification of data authenticity, which may...

8.6 CVSS · 8.3 AI score · 0.00118 EPSS
Exploits 0 · References 3

OSV
added 2022/10/17 12:15 p.m. · 1 views

CVE-2022-3206

The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named "passster" using Base64 encoding, which is easy to decode. This puts the password at risk in case the cookies get leaked...

5.9 CVSS · 5.8 AI score
Exploits 0 · References 1

CNNVD
added 2021/10/14 12:0 a.m. · 2 views

WordPress Plugin Code Issue Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. WordPress Plugins is an open source application plugin for WordPress. A code issue vulnerability exists in WordPress Plugins that...

8.8 CVSS · 7.9 AI score · 0.03933 EPSS
Exploits 0 · References 3

CNVD
added 2015/11/26 12:0 a.m. · 3 views

SAP Manufacturing Integration and Intelligence Encryption Downgrade Vulnerability

SAP Manufacturing Integration and Intelligence (also known as MII, formerly known as xMII) is a platform from Germany's SAP for integrating core manufacturing systems with enterprise processes. The platform provides for enterprises to freely create a blend of manufacturing executio...

5 CVSS · 6.9 AI score · 0.00151 EPSS
Exploits 0 · References 1