Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssl (UTSA-2026-007124)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007124 advisory. Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications...

EUVD-2025-29067

Malicious code in bioql PyPI...

Wavlink WL-WN578W2 Authorization Issues Vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. An authorization issue vulnerability exists in Wavlink WL-WN578W2 version 221110, which stems from improper privilege management of the parameter newpass/confpass in the file /sysinit.html, which can be exploited by an attacker t...

CVE-2025-10322

A vulnerability has been found in Wavlink WL-WN578W2 221110. The affected element is an unknown function of the file /sysinit.html. The manipulation of the argument newpass/confpass leads to weak password recovery. The attack is possible to be carried out remotely. The exploit has been disclosed ...

CVE-2025-10322 Wavlink WL-WN578W2 sysinit.html password recovery

A vulnerability has been found in Wavlink WL-WN578W2 221110. The affected element is an unknown function of the file /sysinit.html. The manipulation of the argument newpass/confpass leads to weak password recovery. The attack is possible to be carried out remotely. The exploit has been disclosed ...

CVE-2024-48705

Wavlink AC1200 with firmware versions M32A3V1410230602 and M32A3V1410240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "setsysadm" function of the "adm.cgi" binary, and is due to improper santization ...

CVE-2024-48705

Wavlink AC1200 with firmware versions M32A3V1410230602 and M32A3V1410240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "setsysadm" function of the "adm.cgi" binary, and is due to improper santization ...

WAVLINK AC1200 安全漏洞

WAVLINK AC1200 is a dual-band high power wireless router from China Ruiyin WAVLINK. A security vulnerability exists in the Wavlink AC1200 M32A3V1410230602 version and M32A3V1410240222 version releases, which stems from improper cleanup of the newpass field during a password reset, which could lea...

CVE-2024-48705

CVE-2024-48705 affects Wavlink AC1200 firmware versions M32A3_V1410_230602 and M32A3_V1410_240222. The issue is a post-authentication command injection in the adm.cgi binary, specifically in set_sys_adm, caused by insufficient sanitization of the newpass field during password reset. Impact is sta...

EUVD-2024-54944

Wavlink AC1200 with firmware versions M32A3V1410230602 and M32A3V1410240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "setsysadm" function of the "adm.cgi" binary, and is due to improper santization ...

CVE-2025-50756

Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the setsysadm function via the newpass parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-50756

Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the setsysadm function via the newpass parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2023-24096

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the newpass parameter at /formPasswordSetup. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects...

CVE-2024-39846

NewPass before 1.2.0 stores passwords rather than password hashes directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use...

CVE-2024-39846

NewPass before 1.2.0 stores passwords rather than password hashes directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use...

CVE-2024-39846

NewPass before 1.2.0 stores passwords rather than password hashes directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use...

CVE-2024-39846

NewPass before 1.2.0 stores passwords directly (not as hashes), enabling easier unauthorized access to sensitive information. Data at rest is encrypted, but passwords are decrypted in-process during use, creating exposure risk. Affected versions: prior to 1.2.0. Remediation: upgrade to 1.2.0 or l...

CVE-2024-39846

NewPass before 1.2.0 stores passwords rather than password hashes directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use...

NewPass Security Vulnerabilities

NewPass is a secure password management application by gero personal developer. Designed to generate and store strong passwords locally on a user's device. A security vulnerability exists in versions prior to NewPass 1.2.0. An attacker exploiting the vulnerability could gain access to sensitive...

The vulnerabilities of the functions PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass() in the OpenSSL library allow a attacker to cause a service failure.

The vulnerabilities of the functions PKCS12parse, PKCS12unpackp7data, PKCS12unpackp7encdata, PKCS12unpackauthsafes, and PKCS12newpass in the OpenSSL library are related to pointer arithmetic errors. Exploiting these vulnerabilities could allow an attacker to cause a service failure...