CVE-2026-36794

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain multiple stack overflows in the R7WebsSecurityHandler function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted HTTP...

CVE-2026-36794

CVE-2026-36794 affects Shenzhen Tenda Technology Co. Ltd. Tenda W3 Wireless Router v1.0.0.3(2204). The issue is multiple stack overflows in the R7WebsSecurityHandler function triggered via username and password parameters, leading to Denial of Service (DoS) through a crafted HTTP request. Connect...

PT-2026-48187

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain multiple stack overflows in the R7WebsSecurityHandler function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted HTTP...

SUSE-SU-2026:2293-1 Security update for memcached

This update for memcached fixes the following issues - CVE-2026-47783: timing side-channel in SASL password database authentication username bsc1265873. - CVE-2026-47784: timing side-channel in SASL password database authentication password bsc1265881...

CVE-2026-36789

CVE-2026-36789 concerns Shenzhen Tenda Technology’s AC1206 (v15.03.06.23). The advisory reports multiple stack overflows in the fromGstDhcpSetSer function triggered via username/password parameters, enabling a Denial of Service through a crafted HTTP request. A CVSS v3.1 base score of 7.5 (HIGH) ...

curl: SOCKS5 no-auth accepted despite username/password-only authentication

Summary: curl/libcurl appears to allow unauthenticated SOCKS5 negotiation even when the caller explicitly configures username/password-only SOCKS5 authentication. With --socks5-basic and SOCKS5 credentials set, curl still advertises both SOCKS5 method 0x00 no authentication and 0x02...

CVE-2026-10163

A vulnerability has been found in Edimax BR-6478AC 1.23. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. The manipulation of the argument UserName/Password leads to buffer overflow. Remote exploitation of the attack is...

CVE-2026-10163

A vulnerability has been found in Edimax BR-6478AC 1.23. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. The manipulation of the argument UserName/Password leads to buffer overflow. Remote exploitation of the attack is...

CVE-2026-10163 Edimax BR-6478AC POST Request formUSBAccount buffer overflow

A vulnerability has been found in Edimax BR-6478AC 1.23. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. The manipulation of the argument UserName/Password leads to buffer overflow. Remote exploitation of the attack is...

Edimax BR-6478AC 安全漏洞

The Edimax BR-6478AC is a dual-band Gigabit router produced by Edimax Corporation. Version 1.23 of the Edimax BR-6478AC contains a security vulnerability. This vulnerability stems from a buffer overflow caused by the parameter UserName/Password in the formUSBAccount function within the component...

Astra Linux - уязвимость в firefox, thunderbird

The username:password portion was not properly removed from URLs in CSP reports, which could potentially expose HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

CVE-2026-7372

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. Stack-overflow via...

EUVD-2026-19223

A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclos...

CVE-2026-5646

A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclos...

CVE-2026-5198

A vulnerability was determined in code-projects Student Membership System 1.0. The impacted element is an unknown function of the file /admin/index.php of the component Admin Login. This manipulation of the argument username/password causes sql injection. Remote exploitation of the attack is...

PT-2026-29007

Name of the Vulnerable Software and Affected Versions ArthurFiorette steam-trader version 2.1.1 Description A sensitive information exposure issue exists. An unauthenticated attacker can send a request to the /users API endpoint to retrieve sensitive Steam account data, including the account...

Tiandy Easy7 Integrated Management Platform 访问控制错误漏洞

Tiandy Easy7 Integrated Management Platform is a comprehensive video surveillance management platform developed by Tiandy Company in China. The version 7.17.0 of Tiandy Easy7 Integrated Management Platform contains a vulnerability related to access control. This vulnerability arises from incorrec...

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the IsCorrectUsernameAndPassword validation. An attacker can cause a victim's browser to initiate a session tied to an account for which the attacker knows the credentials by tricking the victim into...

CVE-2026-1296

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requestedpage' POST parameter in the verifyusernamepassword function. This makes it possible for unauthenticated...

CVE-2026-1296

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requestedpage' POST parameter in the verifyusernamepassword function. This makes it possible for unauthenticated...