59 matches found
EUVD-2026-33468
A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack can be...
CVE-2026-45344
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...
PT-2026-44544
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...
OpenClaw Security Vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities stemmed from bypassing plugin trust mechanisms, allowing attackers to circumvent the expected trust levels when...
CVE-2026-41459
CVE-2026-41459 (Xerte Online Toolkits) affects versions 3.15 and earlier. An information disclosure vulnerability allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root by requesting the /setup page, where the exposed root_path value is rendered ...
EUVD-2026-19835
ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...
CVE-2026-39337
ChurchCRM CVE-2026-39337 describes a pre-authentication remote code execution in the setup wizard (before/around initial installation) that allows unauthenticated code injection due to unsanitized $dbPassword. This is a remediation of an incomplete fix for CVE-2025-62521 and is fixed in version 7...
CVE-2026-4477
A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.120171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of a hard-coded cryptographic key. The attack can only be done within the local network. This attack is...
CVE-2026-3037
The CVE-2026-3037 entry concerns XWEB Pro, affected through version 1.12.1 and earlier. The connected documents confirm an OS command injection vulnerability that allows an authenticated attacker to achieve remote code execution by injecting malicious input into the MBird SMS service URL and/or c...
PT-2026-6836
Name of the Vulnerable Software and Affected Versions: 3DP-MANAGER versions 2.0.1 and prior. Description: 3DP-MANAGER, an inbound generator for 3x-ui, automatically creates an administrative account with default credentials admin/admin upon initial setup. An attacker with network access to the...
PT-2025-51867
Name of the Vulnerable Software and Affected Versions: ChurchCRM versions prior to 5.21.0. Description: ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution issue exists in the setup wizard. Unauthenticated attackers can inject...
CVE-2025-11084
A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the user's password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period...
CVE-2025-11084
CVE-2025-11084 affects Rockwell Automation’s DataMosaix Private Cloud. The issue allows bypassing MFA during initial setup and obtaining a valid login-token cookie without a user password when MFA is enabled but not completed within 7 days. This can lead to account takeover and credential exposur...
CVE-2025-11295 Belkin F9K1015 formPPPoESetup buffer overflow
A flaw has been found in Belkin F9K1015 1.00.10. This affects an unknown part of the file /goform/formPPPoESetup. This manipulation of the argument pppUserName causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was...
EUVD-2024-40726
Malicious code in bioql PyPI...
EUVD-2025-25257
Malicious code in bioql PyPI...
EUVD-2021-30181
Malicious code in bioql PyPI...
PT-2025-40810
Name of the Vulnerable Software and Affected Versions: Belkin F9K1015 version 1.00.10. Description: A buffer overflow issue exists in Belkin F9K1015 version 1.00.10. The issue is related to the manipulation of the L2TPUserName argument within the file /goform/formL2TPSetup. This allows for remote co...
Linux Distros Unpatched Vulnerability : CVE-2023-37117
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP. (CVE-2023-37117) Note that Nessus relies on the presence of...