4 matches found
CVE-2026-61876
LuCI DHCPv6 lease hostnames are not properly encoded before rendering in status pages, enabling stored cross-site scripting. An adjacent attacker can deliver a DHCPv6 Client FQDN containing script tags that execute in the administrator’s browser when viewing DHCP lease pages. Affected: LuCI web i...
CVE-2026-5351
The CVE-2026-5351 instance affects Trendnet TEW-657BRM 1.00.1, with a vulnerability in the add_wps_client function in /setup.cgi. The parameter wl_enrolee_pin can be manipulated, causing OS command injection. The attack may be initiated remotely, with publicly available exploit evidence. The vend...
Linux Distros Unpatched Vulnerability : CVE-2020-15693
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part o...
DLL Hijacking Vulnerability in Haofang Gaming Platform of Shanghai Haofang Online Information Technology Co.
Haofang Gaming Platform is a competitive gaming platform. Shanghai Haofang Online Information Technology Co. Haofang e-sports platform has a DLL hijacking vulnerability, which can be exploited by an attacker to inject an executable DLL file into the client process to perform arbitrary functions...