Synology Safe Access 跨站脚本漏洞

Synology Safe Access is a network access control and parental monitoring system developed by Synology, a Chinese company. Versions of Synology Safe Access prior to 1.3.1-0329 contained a cross-site scripting vulnerability. This vulnerability stemmed from the cross-site scripting feature in the...

CVE-2026-41166

OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the...

EUVD-2026-17688

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function...

CVE-2026-5213

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function...

CVE-2026-5212 D-Link DNS-1550-04 webdav_mgr.cgi Webdav_Upload_File stack-based overflow

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...

CVE-2026-4206

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function...

CVE-2016-20036

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...

PT-2026-25583

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function cgi...

EUVD-2025-206352

Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 datapoint server running on port 1004 and 1005. This server is used for relaying status information from and to the Access Managers. This information, among other things, is used to graphically...

CVE-2025-66005

Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session...

EUVD-2023-60230

Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts...

CVE-2023-53969

Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords...

CVE-2025-65790

A reflected cross-site scripting XSS vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG containing an inline element, the browser executes...

PT-2025-52679

Name of the Vulnerable Software and Affected Versions FuguHub version 8.1 Description A reflected cross-site scripting XSS issue exists when serving SVG files through the /fs/ file manager interface. The software does not sanitize or restrict script execution within SVG content. An attacker can...

CVE-2025-65790

A reflected cross-site scripting XSS vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG containing an inline element, the browser executes...

CVE-2025-66429

An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user...

Cpanel 安全漏洞

Cpanel is a set of automated web-based colocation platforms from Cpanel, Inc. in the United States. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in cPanel versions 110 through 132, which stems from the existence of directory...

PT-2025-50526

Name of the Vulnerable Software and Affected Versions Screen SFT DAB version 1.9.3 Description Screen SFT DAB 1.9.3 has a flaw in its authentication process, allowing unauthorized modification of user passwords. This is due to weak session management controls, specifically the reuse of IP-bound...

PT-2025-47166

Name of the Vulnerable Software and Affected Versions Digi On-Prem Manager affected versions not specified Description An injection flaw exists in the API feature of Digi On-Prem Manager. An attacker with valid API tokens can inject SQL code via crafted input. The API is not enabled by default. T...

EUVD-2017-9076

Malware in sbrugna...