694 matches found
Exploit for CVE-2026-7731
CTT-Refraction-Vortex-CVE-2026-7731- Under CTT, we see it as a...
TP-Link's various products have security vulnerabilities
TP-Link Omada Controllers are products of the Chinese company TP-Link. TP-Link Omada Controllers are a series of centralized management platforms. TP-Link Omada Gateways are a series of gateway devices. TP-Link Omada Access Points are a series of access point devices. Several TP-Link products hav...
PT-2026-4304
Name of the Vulnerable Software and Affected Versions Omada Controllers, Gateways and Access Points affected versions not specified Description An authentication weakness exists in Omada Controllers, Gateways, and Access Points related to controller-device adoption. This is due to improper handli...
CVE-2017-18923
beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials...
CVE-2020-7548
A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways see security notification for version information that could allow unauthorized users to login...
CVE-2026-0625
Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DN...
CVE-2026-0625
CVE-2026-0625 affects multiple D-Link DSL gateway devices (e.g., DSL-2740R, DSL-2640B, DSL-2780B, DSL-526B). The dnscfg.cgi endpoint permits an unauthenticated remote command injection due to improper sanitization, enabling arbitrary shell commands execution and DNS configuration modification wit...
PT-2026-1338
Name of the Vulnerable Software and Affected Versions D-Link DSL-2640B versions ≤ 1.07 D-Link DSL-2740R versions 1.17 D-Link DSL-2780B versions ≤ 1.01.14 D-Link DSL-526B versions ≤ 2.01 D-Link DSL gateway devices affected versions not specified Description A critical remote code execution RCE...
Training-Free Color-Aware Adversarial Diffusion Sanitization for Diffusion Stegomalware Defense at Security Gateways
The rapid expansion of generative AI has normalized large-scale synthetic media creation, enabling new forms of covert communication. Recent generative steganography methods, particularly those based on diffusion models, can embed high-capacity payloads without fine-tuning or auxiliary decoders,...
CVE-2025-14733
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability...
JPCERT Confirms Active Command Injection Attacks on Array AG Gateways
A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week. The vulnerability, which does not have a CVE identifier, was addressed by the company on May 11, 2025. It's...
EUVD-2025-201298
A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service DoS condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware O...
EUVD-2024-30202
Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device...
CVE-2024-32384
Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device...
CVE-2024-32384
Kerlink KerOS gateways before version 5.10 expose the web interface only over HTTP, with no HTTPS support. This transport security gap enables a man‑in‑the‑middle attacker to intercept/modify traffic between clients and devices. Affected product: Kerlink gateways running KerOS pre‑5.10. Root caus...
CVE-2024-32384
Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device...
PT-2025-48465
Name of the Vulnerable Software and Affected Versions Kerlink gateways versions prior to 5.10 Description Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, lacking HTTPS support. This absence of transport layer security enables a...
EUVD-2025-198863
Malicious code in @ensdomains/unruggable-gateways npm...
EUVD-2025-198030
A remote command execution RCE vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points versions R0162P07, UAP700-WPT330-E2265, UAP672-WPT330-R2262, UAP662E-WPT330-R2262P03, WAP611-WPT330-R1348-OASIS,...
CVE-2025-63258
A remote command execution RCE vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points versions R0162P07, UAP700-WPT330-E2265, UAP672-WPT330-R2262, UAP662E-WPT330-R2262P03, WAP611-WPT330-R1348-OASIS,...