PT-2026-36603

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-821DAP versions prior to 1.12B01 Description An issue exists in the Firmware Update Handler component within the cameo dev.sh file. Specifically, the platform do upgrade cameo dev function fails to sufficiently verify data...

TRENDnet TEW-821DAP 数据伪造问题漏洞

TRENDnet TEW-821DAP is a wireless access point from the company TRENDnet. The version TRENDnet TEW-821DAP 1.12B01 has a vulnerability related to data falsification. This vulnerability stems from improper handling of the parameter dest in the findHWid/newGuiUpdateFirmware function within the...

SQL Injection

Overview @nocobase/plugin-collection-sql is a Provides SQL collection template Affected versions of this package are vulnerable to SQL Injection through the update handler in the collection SQL resource. An attacker can submit a malicious sql value while updating a SQL-backed collection and have ...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the doCertificateUpdate handler in certificates.go. An attacker can change the type of an existing certificate by sending a certificate update reques...

CVE-2026-4574

A vulnerability was detected in SourceCodester Simple E-learning System 1.0. This vulnerability affects unknown code of the component User Profile Update Handler. The manipulation of the argument firstName results in sql injection. It is possible to launch the attack remotely. The exploit is now...

PT-2026-27323

A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler update system time of the file libdeuteron modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only...

PT-2026-27051

Name of the Vulnerable Software and Affected Versions SourceCodester Simple E-learning System version 1.0 Description A SQL injection issue exists in the User Profile Update Handler component. The manipulation of the firstName argument can lead to SQL injection. The exploit is publicly available...

CVE-2026-4478

Yi Technology YI Home Camera 2 (version 2.1.1_20171024151200) is affected by CVE-2026-4478 due to improper verification of cryptographic signatures in the HTTP Firmware Update Handler (file path: home/web/ipc). The root cause is in the firmware update flow, enabling a remote attack with high impa...

CVE-2025-1228

A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected is an unknown function of the file /read/?page=1=LOGMonitor of the component Logfile Update Handler. The manipulation of the argument path leads to path traversal...

CVE-2026-0591

A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/update.php of the component Cart Update Handler. Such manipulation of the argument id/qty leads to sql injection. It is possible to launch t...

CVE-2026-0591

A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/update.php of the component Cart Update Handler. Such manipulation of the argument id/qty leads to sql injection. It is possible to launch t...

CVE-2026-0591

A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/update.php of the component Cart Update Handler. Such manipulation of the argument id/qty leads to sql injection. It is possible to launch t...

CVE-2026-0591

Code-projects Online Product Reservation System 1.0 contains a SQL injection vulnerability in the Cart Update Handler, specifically in the /app/checkout/update.php file’s unknown function. Manipulating the id/qty parameter can trigger the injection, enabling remote exploitation. Public exploit/Po...

CVE-2025-12295

A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function sub40C6B8 of the component Firmware Update Handler. Executing manipulation can lead to improper verification of cryptographic signature. The attack can be launched remotely. Attacks of this nature are...

CVE-2025-12296

A security vulnerability has been detected in D-Link DAP-2695 2.00RC13. The impacted element is the function sub4174B0 of the component Firmware Update Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be...

EUVD-2025-36209

A security vulnerability has been detected in D-Link DAP-2695 2.00RC13. The impacted element is the function sub4174B0 of the component Firmware Update Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be...

CVE-2025-12296

The CVE-2025-12296 entry affects D-Link DAP-2695 model with firmware 2.00RC13. The vulnerability arises from the function sub_4174B0 in the Firmware Update Handler, enabling os command injection due to a manipulation. It can be triggered remotely, and the exploit has been publicly disclosed. The ...

CVE-2025-12296 D-Link DAP-2695 Firmware Update sub_4174B0 os command injection

A security vulnerability has been detected in D-Link DAP-2695 2.00RC13. The impacted element is the function sub4174B0 of the component Firmware Update Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be...

D-Link DAP-2695 操作系统命令注入漏洞

The D-Link DAP-2695 is a high-performance dual-band wireless access point from China AUO D-Link. An OS command injection vulnerability exists in the D-Link DAP-2695 version 2.00RC13, which originates from the presence of os command injection in the function sub4174B0 in the Firmware Update Handle...

PT-2025-43985

A security vulnerability has been detected in D-Link DAP-2695 2.00RC13. The impacted element is the function sub 4174B0 of the component Firmware Update Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may b...