9 matches found
CVE-2026-45344 LinkAce: Setup database password newline injection enables pre-auth RCE on uninitialized instances
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...
CVE-2025-63205
An issue was discovered in bridgetech probes VB220 IP Network Probe,VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6.5.0-9, allowing attackers to gain sensitive information such as administrator passwords via the...
CVE-2025-63208
An issue was discovered in bridgetech VB288 Objective QoE Content Extractor, firmware version 5.6.0-8, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint...
CVE-2025-63205
Bridgetech probes and NOMAD (VB220, VB120, VB330, VB440) firmware versions 6.5.0-9 have a reported information-disclosure flaw exposed via the /probe/core/setup/passwd endpoint that can reveal administrator passwords. Multiple sources corroborate the affected product set and version, but the supp...
EUVD-2025-23997
Malicious code in bioql PyPI...
CVE-2025-41039 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...
CVE-2025-8731
TRENDnet CVE-2025-8731 affects TI-G160i, TI-PG102i and TPL-430AP (up to 20250724) with the SSH Service using default credentials. Several sources confirm remote exploitation is possible and that the exploit has been publicly disclosed. Mitigation in publicly released documents centers on credenti...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability
Ignite Realtime Openfire is a real-time collaboration RTC server licensed under the open source Apache license. A cross-site scripting vulnerability exists in Ignite Realtime Openfire 4.4.1. An attacker can exploit this vulnerability via the setup/setup-datasource-standard.jsp password parameter ...
GE Healthcare Precision THUNIS-800+ Trust Management Vulnerability
The GE Healthcare Precision THUNIS-800+ PT800+ is an all-in-one digital remote-controlled multifunction X-ray machine the device that produces the X-rays from General Electric GE for the medical industry. A security vulnerability exists in the GE Healthcare PT800+ that originates from the program...