62108 matches found
D-Link - Remote Command Execution
A Remote Command Execution RCE vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file id: CVE-2021-45382 info: name: D-Link - Remote Command Execution author: king-alexander severity: critic...
CVE-2026-14487
creationtimestamp| type| source ---|---|--- 2026-07-08 04:52:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mq4d4hox3y2r 2026-07-08 06:00:10+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mq4gw7nccj27 2026-07-08 07:32:06+00:00| seen|...
CVE-2026-55436
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge Proxy aibridgeproxyd created a goproxy server whose default transport set InsecureSkipVerify: true and only assigned a...
CVE-2026-42958
creationtimestamp| type| source ---|---|--- 2026-07-07 23:49:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq3s6sucnj27...
CVE-2026-14380
creationtimestamp| type| source ---|---|--- 2026-07-07 22:59:45+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mq3pggr5xk24 2026-07-08 00:00:45+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mq3stiucln2f 2026-07-08 00:00:45+00:00| seen|...
CVE-2026-14895
creationtimestamp| type| source ---|---|--- 2026-07-07 22:54:44+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mq3p5hmule2k 2026-07-08 01:04:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq3wfdvxtp2g...
CVE-2026-59706
creationtimestamp| type| source ---|---|--- 2026-07-07 21:50:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mq3lju4gqu2f 2026-07-07 23:40:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq3rokhsrv2g...
CVE-2026-50530
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing...
CVE-2026-50529
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid...
CVE-2026-50530
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing...
CVE-2026-50529
CVE-2026-50529 affects DataEase prior to version 2.10.24. The /de2api/share/proxyInfo interface incorrectly generates and returns an X-DE-LINK-TOKEN before validating the share password or ticket, enabling unauthenticated attackers who know a protected share UUID to obtain a valid link token for ...
CVE-2026-50529 DataEase: Link Token Leakage Prior to Share Password/Ticket Validation
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid...
CVE-2026-50529
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid...
CVE-2026-57172 DataEase: Hardcoded JWT Signing Secret in ShareLink
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs,...
CVE-2026-59800
creationtimestamp| type| source ---|---|--- 2026-07-07 19:33:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq3dwalhqt22 2026-07-07 20:35:03+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-g6g7-pvmx-m74p 2026-07-07 20:52:05+00:00| seen|...
CVE-2026-14904
AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...
D-Link DNS-320 - Remote Code Execution
The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. id: CVE-2019-16057 info: name: D-Link DNS-320 - Remote Code Execution author: DhiyaneshDk severity: critical description: | The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerabl...
TP-Link - OS Command Injection
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840NEUV5171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field. id: CVE-2021-41653 info: name: TP-Link - OS Command Injection author: gy741 severity: critical...
D-Link Central WiFi Manager CWM(100) - Remote Code Execution
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. id: CVE-2019-13372 info:...
TP-Link TL-WR840N - Command Injection
The TP-Link TL-WR840NESV6.20180709 router contains a command injection vulnerability in the oalsetIp6DefaultRoute component. This vulnerability allows authenticated attackers to execute arbitrary system commands, leading to complete device compromise. id: CVE-2022-25061 info: name: TP-Link...