3765 matches found
CVE-2026-7255
UNSUPPORTED WHEN ASSIGNED An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow an adjacent attacker on the LAN to brute-force the password and bypass authentication...
CVE-2026-7256
UNSUPPORTED WHEN ASSIGNED A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow an adjacent attacker on the LAN to execute operating system OS commands on a vulnerable device by sending a crafted HTTP request...
CVE-2026-7124
A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument addrPrefixLen can lead to os command injection. The attack ca...
CVE-2026-5995
A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument laninfo can lead to os command injection. The attack may be performed from...
CVE-2026-9003
E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2026-42363
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...
CVE-2026-7473 Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass
On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...
EUVD-2026-34858
On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...
CVE-2026-7473 Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass
On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...
CVE-2026-8993
D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection to attacker infrastructure and to conduct SSRF Server Side...
CVE-2026-8993
D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection to attacker infrastructure and to conduct SSRF Server Side...
DITEC D.Launcher 2 安全漏洞
DITEC D.Launcher 2 is an electronic signature component and integration client developed by DITEC Corporation. DITEC D.Launcher 2 has a security vulnerability. This vulnerability stems from the application registering multiple custom URL handlers. It may allow attackers to exploit these handlers ...
CVE-2025-59609 Buffer Over-read in WLAN Host Communication
Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length...
CVE-2026-10183
A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. This affects the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument enrollee leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and mig...
OPENSUSE-SU-2026:20851-1 Security update for putty
This update for putty fixes the following issues: Changes in putty: - Update to release 0.84 Fixed a remotely triggerable double-free in RSA key exchange. Fixed a remotely triggerable crash assertion failure - program termination in NIST ECDSA signature verification. Fixed marking of Telnet and...
CVE-2026-49195
Unauthenticated Debug Service. The /sbin/mtkdut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands...
CVE-2026-49195
Unauthenticated Debug Service. The /sbin/mtkdut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands...
CVE-2026-49195
The CVE CVE-2026-49195 affects Predator Connect W6x devices, where the /sbin/mtk_dut binary is exposed on TCP port 9000 with no authentication. This unauthenticated debug service allows any LAN-based attacker to execute arbitrary UCC commands. The associated CVSS v4.0 metrics indicate high impact...
PT-2026-44765
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An unauthenticated debug service is exposed on TCP port 9000. This allows a LAN-based attacker to execute arbitrary UCC commands via the '/sbin/mtk dut' binary...
CVE-2026-44830
CVE-2026-44830 affects Nocturne Memory prior to 2.4.1. When API_TOKEN is unset or empty, BearerTokenAuthMiddleware does not enforce authentication for all HTTP requests. Coupled with a default 0.0.0.0 host binding and CORS allow_origins=[""], this lets any LAN-reachable client access the Knowledg...