371 matches found
CVE-2026-36608
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP 192.168.1.1 or localhost 127.0.0.1 as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the intern...
PT-2026-45996
Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP 192.168.1.1 or localhost 127.0.0.1 as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the...
SAP Solution Manager 7.2 - Remote Command Execution
SAP Solution Manager SolMan running version 7.2 has a remote command execution vulnerability within the SAP EEM servlet tcsmdagentapplicationeem. The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get information...
Exploit for Server-Side Request Forgery in Apache Cxf
Apache CXF XOP Include LFI CVE-2022-46364 Overview This...
CVE-2026-33369
Zimbra Collaboration ZCS 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit thi...
PT-2026-26613
Zimbra Collaboration ZCS 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit thi...
CVE-2025-50187
Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28...
CVE-2010-0666
Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service crash via unknown a crafted SOAP request, a different issue than CVE-2008-0926...
MAL-2025-189942 Malicious code in titan-soap-request-framework (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4475336a5a70cb1e641daf750eece75d4e129c72b58ce76a12e6f8b504a07c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-41724 Sauter: Crash via Incomplete SOAP Request
An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again...
CVE-2025-41724
CVE-2025-41724 affects Sauter modulo 6 devices (e.g., modu680-AS, modu660-AS, modu612-LC, EY-modulo 5 modu 5/ modu524/ modu525, ecos 5 ecos504/505). The issue is caused by an unauthenticated remote attacker sending incomplete SOAP requests that crash the wscserver; the watchdog does not restart t...
Rockwell Automation FactoryTalk ViewPoint 安全漏洞
Rockwell Automation FactoryTalk ViewPoint is a web-based client application from Rockwell Automation, Inc. A security vulnerability exists in Rockwell Automation FactoryTalk ViewPoint that originates from an unauthenticated attacker who can execute an XXE attack using a specially crafted SOAP...
EUVD-2013-4638
Malware in sbrugna...
EUVD-2014-1683
Malware in sbrugna...
EUVD-2013-5227
Malware in sbrugna...
EUVD-2011-0743
Malware in sbrugna...
EUVD-2015-8149
Malware in sbrugna...
EUVD-2015-6480
Malware in sbrugna...
EUVD-2018-18630
Malware in sbrugna...
EUVD-2009-0901
Malware in sbrugna...