1380 matches found

RedhatCVE
added 2025/02/05 4:49 a.m., 2 views

CVE-2024-36295

A command execution vulnerability exists in the qos.cgi qossta functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 9.1, AI score 7.1, EPSS 0.20596
Exploits: 1, References: 1

Cvelist
added 2025/02/03 12:0 a.m., 13 views

CVE-2024-56902

Information disclosure vulnerability in Geovision GV-ASManager web application with the version v6.1.0.0 or less, which discloses account information, including cleartext password...

EPSS 0.2132
Exploits: 4, References: 1

Vulnrichment
added 2025/02/03 12:0 a.m., 6 views

CVE-2024-56902

Information disclosure vulnerability in Geovision GV-ASManager web application with the version v6.1.0.0 or less, which discloses account information, including cleartext password...

AI score 6.5, EPSS 0.2132
Exploits: 4, References: 1

Cvelist
added 2025/01/31 12:0 a.m., 14 views

CVE-2024-53582

An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal via a crafted HTTP request...

EPSS 0.03067
Exploits: 5, References: 2

CVE
added 2025/01/30 6:21 p.m., 48 views

CVE-2025-24501

CVE-2025-24501 affects Broadcom Symantec Privileged Access Management (PAM). The provided sources describe an improper input validation that allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request. The impact is log tampering of PAM activity; no evidence o...

CVSS 5.3, AI score 6.6, EPSS 0.00282
Exploits: 0, References: 1

AlmaLinux
added 2025/01/30 12:0 a.m., 14 views

Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs (CVE-2024-53263) For mo...

CVSS 8.5, AI score 8.1, EPSS 0.0104
Exploits: 0, References: 4

Tenable Nessus
added 2025/01/30 12:0 a.m., 14 views

RHEL 8 : git-lfs (RHSA-2025:0845)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:0845 advisory. Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...

CVSS 8.5, AI score 7.3, EPSS 0.0104
Exploits: 0, References: 4

AlpineLinux
added 2025/01/29 9:40 p.m., 16 views

CVE-2024-12705

Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...

CVSS 7.5, AI score 7.5, EPSS 0.15664
Exploits: 0

BDU FSTEC
added 2025/01/24 12:0 a.m., 2 views

The vulnerability of the sdnproxy module of the FortiAnalyzer security monitoring and event analysis tool, as well as the FortiManager device management software, allows a perpetrator to execute arbitrary code and gain increased privileges.

The vulnerability of the sdnproxy module of the FortiAnalyzer security monitoring and event analysis tool, as well as the FortiManager device management software, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to...

CVSS 7.1, AI score 6.1, EPSS 0.0079
Exploits: 0, References: 4, Affected Software: 4

NVD
added 2025/01/22 10:15 a.m., 33 views

CVE-2022-23439

An externally controlled reference to a resource in another sphere vulnerability in Fortinet allows an attacker to poison web caches via crafted HTTP requests, where the Host header points to an arbitrary webserver...

CVSS 6.1, EPSS 0.00441
Exploits: 0, References: 1

CNVD
added 2025/01/17 12:0 a.m., 2 views

WAVLINK AC3000 Information Disclosure Vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from an information disclosure vulnerability that can be exploited by an attacker to cause the disclosure of sensitive information via a specially crafted HTTP request...

CVSS 5.3, AI score 8.7, EPSS 0.0076
Exploits: 1, References: 1

BDU FSTEC
added 2025/01/15 12:0 a.m., 6 views

The vulnerability of the WebSocket module in Node.js operating systems on FortiOS and proxy servers, which allows attackers to elevate privileges to the “super-admin” level.

The vulnerability of the WebSocket module in Node.js operating systems on FortiOS and FortiProxy proxy servers relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to elevate their privileges to “super-admi...

CVSS 10, AI score 8, EPSS 0.98217
Exploits: 9, References: 3, Affected Software: 2

Github Security Blog
added 2025/01/14 9:20 p.m., 19 views

Git LFS permits exfiltration of credentials via crafted HTTP URLs

Impact: When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential(1) command without checking for embedded line-ending control characters, and then sends any credentials it receives back from the Git credential helper to the remote host...

CVSS 8.5, AI score 6.9, EPSS 0.0104
Exploits: 0, References: 7, Affected Software: 2

CVE
added 2025/01/14 7:33 p.m., 1733 views

CVE-2024-53263

Git LFS (Git Large File Storage) is affected by CVE-2024-53263. The vulnerability arises when Git LFS requests credentials from Git for a remote host and passes portions of the host URL to git-credential(1) without sanitizing embedded line-ending control characters. An attacker could insert URL-e...

CVSS 8.5, AI score 6.7, EPSS 0.0104
Exploits: 0, References: 4

Cvelist
added 2025/01/14 7:33 p.m., 22 views

CVE-2024-53263 Git LFS permits exfiltration of credentials via crafted HTTP URLs

Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential(1) command without checking for embedded line-ending control characters, and then sends any credentials it receives back fr...

CVSS 8.5, EPSS 0.0104
Exploits: 0, References: 3

NVD
added 2025/01/14 3:15 p.m., 9 views

CVE-2024-39770

Multiple buffer overflow vulnerabilities exist in the internet.cgi setqos functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This...

CVSS 9.1, EPSS 0.01212
Exploits: 1, References: 2

NVD
added 2025/01/14 3:15 p.m., 6 views

CVE-2024-39294

A buffer overflow vulnerability exists in the adm.cgi setwzdgw4G functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 9.1, EPSS 0.01482
Exploits: 1, References: 2

NVD
added 2025/01/14 3:15 p.m., 32 views

CVE-2024-39299

A buffer overflow vulnerability exists in the qos.cgi qosstasettings functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 9.1, EPSS 0.01482
Exploits: 1, References: 2

NVD
added 2025/01/14 3:15 p.m., 6 views

CVE-2024-36272

A buffer overflow vulnerability exists in the usbip.cgi setinfo functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 9.1, EPSS 0.01265
Exploits: 1, References: 2

CVE
added 2025/01/14 2:21 p.m., 43 views

CVE-2024-39756

Talos reports CVE-2024-39756 as a buffer overflow in Wavlink AC3000 adm.cgi rep_as_router() for version M33A8.V5030.210505. The overflow occurs when user-supplied data (e.g., wl_rep_ssid2g) is copied to the stack without length checks after passing an authenticated HTTP request, enabling arbitrar...

CVSS 9.1, AI score 7.2, EPSS 0.01805
Exploits: 1, References: 2, Affected Software: 1