Lucene search
K

156 matches found

Vulnrichment
Vulnrichment
added 2026/03/17 5:19 p.m.3 views

CVE-2026-32296 Sipeed NanoKVM unauthenticated Wi-Fi configuration endpoint

Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate...

8.8CVSS5.8AI score0.00504EPSS
Exploits0References4
NVD
NVD
added 2026/03/16 2:17 p.m.9 views

CVE-2017-20217

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrie...

8.7CVSS0.00661EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/03/16 10:13 a.m.4 views

CVE-2026-3024 Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma application web

Stored Cross-Site Scripting XSS vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could exploit this vulnerability simply by creating a malicious survey...

4.8CVSS5.8AI score0.00133EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/15 6:34 p.m.11 views

CVE-2017-20220 Serviio PRO 1.8 Unauthenticated Password Change via REST API

Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...

8.7CVSS5.8AI score0.00395EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/03/12 6:10 p.m.29 views

CVE-2026-32100 swag/platform-security: `/api/_info/config` route exposes information about licenses and active security fixes

Shopware is an open commerce platform. /api/info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7...

5.3CVSS0.00201EPSS
Exploits0References1
OSV
OSV
added 2026/03/10 11:57 p.m.3 views

GHSA-7FV4-FMMC-86G2 @siteboon/claude-code-ui is Vulnerable to Shell Command Injection in Git Routes

Shell Command Injection in User Git Config Endpoint | Field | Value | |-------|-------| | Severity | High | | CVSS 3.1 | 8.8 High — when chained with VULN-01 | | CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' | | Attack Vector | Network | |...

8.7CVSS6.2AI score0.06034EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/10 4:15 p.m.27 views

CVE-2026-30928 Glances Exposes Unauthenticated Configuration Secrets

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file glances.conf via self.config.asdict with no filtering of sensitive values. The configuration file contains credentials for all...

8.7CVSS0.01657EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.10 views

glances 信息泄露漏洞

Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.1 contained an information leakage vulnerability. This vulnerability stemmed from the API/4/config REST API endpoint, which did not filter sensitive configuration values, potentially leading to...

8.7CVSS7.3AI score0.01657EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/08 1:44 a.m.6 views

CVE-2026-25071

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switchconfig.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to...

8.7CVSS5.8AI score0.00512EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.8 views

Centreon Web 安全漏洞

Centreon Web is a set of open-source system monitoring tools developed by the French company Centreon. This product primarily provides monitoring functions for resources such as networks, systems, and applications. Centreon Web has security vulnerabilities; these vulnerabilities stem from bypassi...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/24 1:34 a.m.8 views

CVE-2026-2961

A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried...

9CVSS8.7AI score0.0341EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/23 7:26 a.m.4 views

CVE-2026-2906

A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argument sambaCap results in stack-based buffer overflow. The attack may be launched remotely. The...

9CVSS6.2AI score0.00576EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/23 7:26 a.m.5 views

CVE-2026-2927

A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub462590 of the file /boafrm/formOpMode of the component Operation Mode Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be...

9CVSS6.2AI score0.00642EPSS
Exploits1References1
NVD
NVD
added 2026/02/23 1:16 a.m.8 views

CVE-2026-2961

A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried...

9CVSS0.0341EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/23 12:2 a.m.6 views

CVE-2026-2961 D-Link DWR-M960 VPN Configuration Endpoint formVpnConfigSetup sub_4196C4 stack-based overflow

A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried...

9CVSS8.7AI score0.0341EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/23 12:2 a.m.25 views

CVE-2026-2961 D-Link DWR-M960 VPN Configuration Endpoint formVpnConfigSetup sub_4196C4 stack-based overflow

A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried...

9CVSS0.0341EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/23 12:2 a.m.5 views

CVE-2026-2961

A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried...

9CVSS8.6AI score0.0341EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/02/23 12:2 a.m.17 views

CVE-2026-2961

D-Link DWR-M960 (firmware 1.01.07) VPN Configuration Endpoint formVpnConfigSetup sub_4196C4 is vulnerable: manipulating the argument submit-url causes a stack-based overflow. The issue is exploitable remotely and has been disclosed publicly. CVSS details vary by source (up to 8.8–9.0 in provided ...

9CVSS8.6AI score0.0341EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.6 views

PT-2026-21472

Name of the Vulnerable Software and Affected Versions D-Link DWR-M960 version 1.01.07 Description A stack-based buffer overflow exists in the D-Link DWR-M960 router. This issue is located within the sub 4196C4 function of the /boafrm/formVpnConfigSetup component, which manages VPN configuration...

9CVSS7.4AI score0.0341EPSS
Exploits1References16
OSV
OSV
added 2026/02/22 5:16 a.m.7 views

CVE-2026-2926

A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...

8.8CVSS6.4AI score0.00642EPSS
Exploits1References5
Rows per page
Query Builder