CVE-2025-37165 Exposure of VLAN information in unintended network interfaces

A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor could gain knowledge of internal network configuration details through inspecting impacted packets...

CVE-2025-37165

CVE-2025-37165 concerns HPE Instant On Access Points. The issue is in router mode configuration that could disclose internal network configuration details to unintended interfaces by inspecting impacted packets. Affected component: router mode configuration; root cause: misconfiguration allowing ...

CVE-2025-37165 Exposure of VLAN information in unintended network interfaces

A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor could gain knowledge of internal network configuration details through inspecting impacted packets...

HPE Networking Instant On Access Points 安全漏洞

HPE Networking Instant On Access Points is a wireless network access point from HPE America. A security vulnerability exists in HPE Networking Instant On Access Points that stems from the processing of specially crafted packets that may cause the device to be unresponsive, potentially triggering ...

PT-2026-2451

Name of the Vulnerable Software and Affected Versions HPE Instant On Access Points affected versions not specified Description A flaw exists in the router mode configuration of HPE Instant On Access Points. This issue could allow a malicious actor to obtain knowledge of internal network...

HPE Instant On Access Points 安全漏洞

HPE Instant On Access Points is a wireless access point from HPE America. A security vulnerability exists in HPE Instant On Access Points that stems from a router mode misconfiguration, which could disclose internal network configuration information...

CVE-2020-24636

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aru...

CVE-2024-39342

Entrust Instant Financial Issuance formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library i.e. DCG.Security.dll with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of t...

CVE-2024-39341

Entrust Instant Financial Issuance On Premise Software formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file i.e. WebAPI.cfg.xml after the installation process. This file can be accessed without authentication on HTTP port 80 by guessin...

CVE-2025-23672

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tenteeglobal Instant Appointment instant-appointment allows Reflected XSS.This issue affects Instant Appointment: from n/a through = 1.2...

CVE-1999-0486

Denial of service in AOL Instant Messenger when a remote attacker sends a malicious hyperlink to the receiving client, potentially causing a system crash...

CVE-2019-16753

An issue was discovered in Decentralized Anonymous Payment System DAPS through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatur...

CVE-2023-54284

In the Linux kernel, the following vulnerability has been resolved: media: av7110: prevent underflow in writetstodecoder The buf4 value comes from the user via tsplay. It is a value in the u8 range. The final length we pass to av7110ipackinstantrepack is "len - buf4 + 1 - 4" so add a check to...

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

turms 安全漏洞

turms is an instant messaging engine from turms-im open source. A security vulnerability exists in turms v0.10.0-SNAPSHOT and prior versions, which stems from cross-site request forgery and could lead to elevation of privilege...

EUVD-2025-202182

Entrust Instant Financial Issuance IFI On Premise software formerly referred to as CardWizard versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the Legacy Remoting Service that is enabled by default. The service registers a TCP remoting channel with...

CVE-2025-34414 Entrust Instant Financial Issuance (IFI) Legacy Remoting Service .NET Remoting RCE

Entrust Instant Financial Issuance IFI On Premise software formerly referred to as CardWizard versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the Legacy Remoting Service that is enabled by default. The service registers a TCP remoting channel with...

EUVD-2025-198532

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the dexbccfcheckIPNverification function. This makes it possible for unauthenticated...

EUVD-2025-198535

The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to fake payment creation in all versions up to, and including, 1.1.7. This is due to the plugin not properly verifying the authenticity of an IPN request. This makes it possible for unauthenticated attackers to create...

CVE-2025-12752 Subscriptions & Memberships for PayPal <= 1.1.7 - Unauthenticated Fake Payment Creation

The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to fake payment creation in all versions up to, and including, 1.1.7. This is due to the plugin not properly verifying the authenticity of an IPN request. This makes it possible for unauthenticated attackers to create...