CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/27 12:0 a.m.•4 views

UTT HiPER 1250GW 安全漏洞

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained security vulnerabilities. These vulnerabilities were caused by the strcpy function in the Web Management Interface component/goform/formGroupConfig file,...

9CVSS7.5AI score0.00046EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•5 views

PT-2026-43474

A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectionW of the component Web Management Interface. Performing a manipulation of the argument Profile results in stack-based buffer...

9CVSS6.2AI score0.00046EPSS

Exploits0References5

F5 Networks•added 2026/05/14 5:3 p.m.•8 views

K000161278: Spring Cloud vulnerability CVE-2026-22739

Security Advisory Description Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories. This...

NVD•added 2026/04/29 11:16 p.m.•3 views

Exploits0

CVE-2026-7420

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the...

9CVSS0.00053EPSS

Cvelist•added 2026/04/29 10:15 p.m.•25 views

CVE-2026-7419 UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEditap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly...

9CVSS0.00019EPSS

EUVD•added 2026/04/29 10:15 p.m.•1 views

EUVD-2026-26297

9CVSS8.5AI score0.00019EPSS

CNNVD•added 2026/04/29 12:0 a.m.•3 views

UTT HiPER 1250GW 缓冲区错误漏洞

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained a buffer overflow vulnerability. This vulnerability stemmed from an operation in the function strcopy within the file route/goform/NTP, where the Profile...

9CVSS7.8AI score0.00019EPSS

CNNVD•added 2026/04/29 12:0 a.m.•3 views

UTT HiPER 1250GW 缓冲区错误漏洞

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained a buffer overflow vulnerability. This vulnerability stemmed from an operation in the function strcpy within the file route/goform/ConfigAdvideo, where th...

9CVSS7.8AI score0.00053EPSS

CNNVD•added 2026/04/29 12:0 a.m.•3 views

UTT HiPER 1250GW 缓冲区错误漏洞

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained a buffer overflow vulnerability. This vulnerability stemmed from an operation involving the parameter “Profile” in the function strcpy within the file...

9CVSS7.8AI score0.00019EPSS

CNNVD•added 2026/04/27 12:0 a.m.•2 views

Code-Projects Invoice System in Laravel 安全漏洞

Code-Projects Invoice System in Laravel is an open-source invoice system developed by Code-Projects. Version 1.0 of the Code-Projects Invoice System in Laravel contained a security vulnerability. This vulnerability stemmed from improper handling of parameter IDs in the .profile/ file within the...

6.5CVSS6.6AI score0.00046EPSS

Exploits0References2

Cvelist•added 2026/04/05 4:30 p.m.•25 views

CVE-2026-5583 PHPGurukul Online Shopping Portal Project Parameter my-profile.php sql injection

A security vulnerability has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /my-profile.php of the component Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotel...

6.5CVSS0.00012EPSS

Exploits0References5

NVD•added 2026/04/05 6:16 a.m.•3 views

CVE-2026-5544

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...

9CVSS0.00053EPSS

Positive Technologies•added 2026/04/05 12:0 a.m.•4 views

PT-2026-30416

9CVSS7.7AI score0.00053EPSS

Exploits0References5

RedhatCVE•added 2026/03/26 2:57 p.m.•1 views

CVE-2026-22739

Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories.This issue affects Spring Cloud: from...

Github Security Blog•added 2026/03/24 3:31 a.m.•2 views

Spring Cloud Config Server: Path Traversal via Profile Parameter Allows Arbitrary File Access

Exploits0References6Affected Software1

OSV•added 2026/03/24 3:31 a.m.•1 views

GHSA-3QWQ-Q9VM-5J42 Spring Cloud Config Server: Path Traversal via Profile Parameter Allows Arbitrary File Access

8.6CVSS5.9AI score0.09681EPSS

Exploits0References6

ATTACKERKB•added 2026/03/24 12:16 a.m.•0 views

CVE-2026-22739