PT-2026-23471
Name of the Vulnerable Software and Affected Versions: D-Link DIR-513 version 1.10 Description: The D-Link DIR-513 version 1.10 device has a flaw where it doesn't properly check the FILECODE parameter when handling POST requests to the /goform/formLogin endpoint. This allows for a path traversal...
CVE-2026-1689
A vulnerability was detected in Tenda HG10 USHG7HG9HG10re300001138enxpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be launche...
Tenda HG10 command injection vulnerability
The Tenda HG10 is a fiber-optic router produced by the Chinese company Tenda. The Tenda HG10 USHG7HG9HG10re300001138enxpon has a command injection vulnerability. This vulnerability stems from incorrect handling of parameters in the file /boaform/admin/formLogin, specifically the parameter Host,...
EUVD-2017-10804
Malware in sbrugna...
EUVD-2025-24577
Malicious code in bioql PyPI...
GHSA-3GGV-QWCP-J6XG Mautic Vulnerable to User Enumeration via Response Timing
Impact: The attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute force attacks. Patches: This vulnerability has been patched, implementing a timing-safe form login...
CVE-2025-9533
A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241B20210927. Affected is an unknown function of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed t...
PT-2025-34875 · Totolink · Totolink T10
Name of the Vulnerable Software and Affected Versions: TOTOLINK T10 version 4.1.8cu.5241 B20210927 Description: A vulnerability exists in TOTOLINK T10 version 4.1.8cu.5241 B20210927 related to improper authentication. The issue is located in the /formLoginAuth.htm file and involves the manipulati...
Linux Distros Unpatched Vulnerability : CVE-2024-36611
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username...
TOTOLINK A7000R Certification Bypass Vulnerability
TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A7000R suffers from an authentication bypass vulnerability that stems from formLoginAuth.htm not properly validating a login request, which can be exploited by an attacker to bypass authentication, tamper wi...
CVE-2025-51451
In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm...
TOTOLINK EX1200T Security Vulnerability
The TOTOLINK EX1200T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. The TOTOLINK EX1200T suffers from an authentication bypass vulnerability that originates from formLoginAuth.htm not properly validating the login request, which can be exploited by an attacker to gain system...
PT-2025-33019 · Totolink · Totolink Ex1200T
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T firmware version 4.1.2cu.5215 Description: An attacker can bypass login by sending a specific request through the formLoginAuth.htm endpoint. Recommendations: Apply a firmware update that addresses this login bypass issue. As...
CVE-2025-51452
In TOTOLINK A7000R firmware 9.1.0u.6115B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm...
TOTOLINK T6 Security Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. An authentication error vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which stems from a lack of authentication in the parameter authCode/goURL in the file /formLoginAuth.htm. An attacker could...
PT-2025-27462 · Totolink · Totolink T6
Name of the Vulnerable Software and Affected Versions: TOTOLINK T6 version 4.1.5cu.748 B20211015 Description: A critical vulnerability was found in the TOTOLINK T6, affecting the Form Login function of the file /formLoginAuth.htm. The manipulation of the authCode/goURL argument leads to missing...
CVE-2024-36611
In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic...
CVE-2023-24351
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECODE parameter at /goform/formLogin...
CVE-2025-4344
A vulnerability, which was classified as critical, was found in D-Link DIR-600L up to 2.07B01. This affects the function formLogin. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. This vulnerability only affects products that are no...
DEBIAN-CVE-2024-36611
In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic...