90 matches found
CVE-2026-2155
A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub4208A0 of the file /goform/setdmz of the component Configuration Handler. The manipulation of the argument dmzhost/dmzenable results in os command injection. The attack can be executed remotely...
CVE-2026-2155
A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub4208A0 of the file /goform/setdmz of the component Configuration Handler. The manipulation of the argument dmzhost/dmzenable results in os command injection. The attack can be executed remotely...
CVE-2026-2155 D-Link DIR-823X Configuration set_dmz sub_4208A0 os command injection
A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub4208A0 of the file /goform/setdmz of the component Configuration Handler. The manipulation of the argument dmzhost/dmzenable results in os command injection. The attack can be executed remotely...
EUVD-2026-5794
A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub4208A0 of the file /goform/setdmz of the component Configuration Handler. The manipulation of the argument dmzhost/dmzenable results in os command injection. The attack can be executed remotely...
CVE-2026-22777
CVE-2026-22777 concerns ComfyUI-Manager, an extension for ComfyUI. A CRLF injection vulnerability exists in the configuration handling where an attacker can inject special characters into HTTP query parameters to add arbitrary values to the config.ini, potentially tampering with security settings...
CVE-2026-22777 ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler
ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or...
CVE-2025-15141
A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high...
CVE-2025-15141
A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high...
CVE-2025-15141
A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high...
CVE-2025-15141
CVE-2025-15141 affects Halo up to 2.21.10 in the Configuration Handler, where manipulating the /actuator file may cause information disclosure. The issue is exploitable from remote with high complexity; exploit has been publicly disclosed. Connected sources (Red Hat, CIRCL, NVD/CVE feeds, PT Secu...
EUVD-2025-205514
A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high...
PT-2025-53656
Name of the Vulnerable Software and Affected Versions Halo versions up to 2.21.10 Description A flaw exists in Halo, specifically within the Configuration Handler component. This issue involves the processing of the /actuator file and can lead to information disclosure. The attack can be carried...
D-Link DIR-803 Information Disclosure Vulnerability
The D-Link DIR-803 is a wireless router from China's AUO D-Link. The D-Link DIR-803 suffers from an information disclosure vulnerability that originates from the incorrect operation of the parameter AUTHORIZEDGROUP in the file /getcfg.php of the component Configuration Handler, which can be...
CVE-2025-14528
A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZEDGROUP results in information disclosure. The attack may be performed from remote. The exploit is no...
CVE-2025-14528 D-Link DIR-803 Configuration getcfg.php information disclosure
A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZEDGROUP results in information disclosure. The attack may be performed from remote. The exploit is no...
PT-2025-50639
Name of the Vulnerable Software and Affected Versions D-Link DIR-803 versions prior to 1.05 Description A flaw exists in D-Link DIR-803, potentially leading to information disclosure. The issue resides within the Configuration Handler component, specifically in the /getcfg.php file. Manipulation ...
CVE-2025-12204 Kamailio Configuration File rvalue.c rve_destroy heap-based overflow
A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rvedestroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed...
EUVD-2023-23705
Malicious code in bioql PyPI...
EUVD-2025-18957
Malicious code in bioql PyPI...
EUVD-2025-20272
Malicious code in bioql PyPI...