EUVD-2026-19038

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...

CVE-2026-3571

The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the piemain function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attacker...

CVE-2026-5544 UTT HiPER 1250GW formRemoteControl stack-based overflow

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...

CVE-2026-5544 UTT HiPER 1250GW formRemoteControl stack-based overflow

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...

CVE-2026-5544

CVE-2026-5544 affects UTT HiPER 1250GW, up to version 3.2.7-210907-180535. The vulnerability exists in an unknown function of the file /goform/formRemoteControl where manipulating the Profile argument causes a stack-based buffer overflow. It can be exploited remotely, and public exploits are avai...

PT-2026-30482

UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the upload endpoint. Attackers can upload PHP files with the type parameter set to Files and execute...

UTT HiPER 1250GW 安全漏洞

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained security vulnerabilities. These vulnerabilities were caused by incorrect handling of parameters in the file/goform/formRemoteControl, which could lead to...

PT-2026-30469

LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending excessively long input strings. Attackers can exploit the Form Send Message feature by pasting 6000 bytes of data into the Message text field to trigger a denial of service...

PT-2026-30416

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...

UTT HiPER 1250GW 安全漏洞

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained security vulnerabilities. These vulnerabilities were caused by incorrect handling of parameters in the file/goform/formNatStaticMap, specifically the...

EUVD-2016-10860

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snewsfiles directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by...

EUVD-2016-10858

Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST...

CVE-2016-20051

Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST...

CVE-2016-20052

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snewsfiles directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by...

CVE-2016-20052

CVE-2016-20052 affects Snews CMS 1.7 and describes an unrestricted file upload vulnerability exploitable by unauthenticated attackers. The issue allows uploading arbitrary files—including PHP executables—to the snews_files directory via the multipart form-data upload endpoint. Attackers can then ...

CVE-2016-20051 Snews CMS 1.7 Cross-Site Request Forgery via changeup

Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST...

CVE-2026-0626

The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpfoptinform' shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping of th...

CVE-2026-0626 WPFunnels <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode

The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpfoptinform' shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping of th...

CVE-2026-3445 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Missing Authorization to Authenticated (Subscriber+) Membership Payment Bypass

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on...

CVE-2026-3571

The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the piemain function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attacker...