17 matches found
CVE-2026-44830
Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...
CVE-2026-0406
CVE-2026-0406 affects the NETGEAR XR1000v2, where insufficient input validation allows attackers on the LAN to perform OS command injection. The affected component is the device firmware's handling of inputs that leads to command execution; the root cause is an input validation weakness. Do...
CVE-2025-66177
CVE-2025-66177 describes a stack overflow vulnerability in Hikvision NVR/DVR/CVR/IPC devices’ Search and Discovery feature. An attacker on the same LAN could cause a device to malfunction by sending specially crafted packets to an unpatched device. Connected sources corroborate a Hikvision stack-...
EUVD-2020-29951
Malware in sbrugna...
EUVD-2022-31220
Malicious code in bioql PyPI...
CVE-2020-9122
Some Huawei products have an insufficient input verification vulnerability. Attackers can exploit this vulnerability in the LAN to cause service abnormal on affected devices. Affected product versions include: HiRouter-CD30-10 version 10.0.2.5; HiRouter-CT31-10 version 10.0.2.20; WS5200-12 version...
CVE-2023-6397
A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed fil...
CVE-2019-19441
HUAWEI P30 smart phones with versions earlier than 10.0.0.166C00E66R1P11 have an information leak vulnerability. An attacker could send a specific command in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause information leak...
CVE-2019-11061
A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://target/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 Confidentiality, Integrity...
Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection
Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing. Reserved CVE: CVE-2018-13416. Vulnerability Overview: The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML...
Session fixation
Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on th...
Emby MediaServer 3.2.5 - Password Reset Vulnerability
Exploit for multiple platforms in category web applications. Emby MediaServer 3.2.5 Password Reset Vulnerability. Vendor: Emby LLC. Product web page: https://www.emby.media. Affected version: 3.2.5, 3.1.5, 3.1.2, 3.1.1, 3.1.0, 3.0.0. Summary: Emby (formerly Media Browser) is a media server designed to organiz...
DHCP Exhaustion Script: DHCPig
DHCPig initiates an advanced DHCP exhaustion attack. It will consume all IPs on the LAN, stop new users from obtaining IPs, release any IPs in use, then for good measure send gratuitous ARP and knock all Windows hosts offline. It requires scapy >=2.1 library and admin...
Command injection
An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374979. When executing an "nmap -O" command that specifies an IP address of an affected device, one can crash the device's WAN connection, causing disconnection from the Internet, a Denial of Service (DoS). The attack...
D-Link DAP-1360 Abuse / Cross Site Request Forgery
Hello list! There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. Affected products: Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This mod...
ARP Sniffer: a detailed explanation with offensive and defensive examples
In recent years, ARP attacks have been on the rise in the hacker community as a means of attack carried out inside a LAN, usually by installing arp-sniffer tools to capture valuable information such as account passwords, FTP user names, and user passwords. This attack means belongi...
Linksys SPA-2102 Phone Adapter Packet Handling - Denial of Service
(Source: https://www.securityfocus.com/bid/28414/info) Linksys SPA-2102 Phone Adapter is prone to a denial-of-service vulnerability when handling multiple packets in quick succession. Attackers can exploit this issue to deny access ...