156 matches found
CVE-2026-32296 Sipeed NanoKVM unauthenticated Wi-Fi configuration endpoint
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate...
CVE-2017-20217
Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrie...
CVE-2026-3024 Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma application web
Stored Cross-Site Scripting XSS vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could exploit this vulnerability simply by creating a malicious survey...
CVE-2017-20220 Serviio PRO 1.8 Unauthenticated Password Change via REST API
Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...
CVE-2026-32100 swag/platform-security: `/api/_info/config` route exposes information about licenses and active security fixes
Shopware is an open commerce platform. /api/info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7...
GHSA-7FV4-FMMC-86G2 @siteboon/claude-code-ui is Vulnerable to Shell Command Injection in Git Routes
Shell Command Injection in User Git Config Endpoint | Field | Value | |-------|-------| | Severity | High | | CVSS 3.1 | 8.8 High — when chained with VULN-01 | | CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' | | Attack Vector | Network | |...
CVE-2026-30928 Glances Exposes Unauthenticated Configuration Secrets
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file glances.conf via self.config.asdict with no filtering of sensitive values. The configuration file contains credentials for all...
glances 信息泄露漏洞
Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.1 contained an information leakage vulnerability. This vulnerability stemmed from the API/4/config REST API endpoint, which did not filter sensitive configuration values, potentially leading to...
CVE-2026-25071
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switchconfig.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to...
Centreon Web 安全漏洞
Centreon Web is a set of open-source system monitoring tools developed by the French company Centreon. This product primarily provides monitoring functions for resources such as networks, systems, and applications. Centreon Web has security vulnerabilities; these vulnerabilities stem from bypassi...
CVE-2026-2961
A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried...
CVE-2026-2906
A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argument sambaCap results in stack-based buffer overflow. The attack may be launched remotely. The...
CVE-2026-2927
A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub462590 of the file /boafrm/formOpMode of the component Operation Mode Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be...
CVE-2026-2961
A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried...
CVE-2026-2961 D-Link DWR-M960 VPN Configuration Endpoint formVpnConfigSetup sub_4196C4 stack-based overflow
A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried...
CVE-2026-2961 D-Link DWR-M960 VPN Configuration Endpoint formVpnConfigSetup sub_4196C4 stack-based overflow
A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried...
CVE-2026-2961
A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried...
CVE-2026-2961
D-Link DWR-M960 (firmware 1.01.07) VPN Configuration Endpoint formVpnConfigSetup sub_4196C4 is vulnerable: manipulating the argument submit-url causes a stack-based overflow. The issue is exploitable remotely and has been disclosed publicly. CVSS details vary by source (up to 8.8–9.0 in provided ...
PT-2026-21472
Name of the Vulnerable Software and Affected Versions D-Link DWR-M960 version 1.01.07 Description A stack-based buffer overflow exists in the D-Link DWR-M960 router. This issue is located within the sub 4196C4 function of the /boafrm/formVpnConfigSetup component, which manages VPN configuration...
CVE-2026-2926
A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...