CVE-2026-2218

CVE-2026-2218 affects the D-Link DCS-933L firmware up to 1.14.11, targeting the alphapd component. The vulnerability arises from manipulating the AdminID argument in the /setSystemAdmin function, enabling remote command injection. Remote exploitation is possible and the exploit has been publicly ...

PT-2026-7070

A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an unknown function of the file /setSystemAdmin of the component alphapd. This manipulation of the argument AdminID causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...

EUVD-2023-46175

Malicious code in bioql PyPI...

WordPress plugin TelSender 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2024-12954 · Unknown · Pechenki Telsender

Name of the Vulnerable Software and Affected Versions: Pechenki TelSender versions 1.14.11 and earlier Description: The issue is related to a Missing Authorization vulnerability in Pechenki TelSender, which allows exploitation of incorrectly configured access control security levels...

SUSE CVE-2024-2660

Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7...

PT-2023-12302 · Wpmu Dev · Forminator

Name of the Vulnerable Software and Affected Versions: WPMU DEV Forminator versions 1.14.11 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. The vulnerability c...

WordPress plugin Forminator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2020-8267

A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This vulnerability was fixed in UniFi Protect...

SimpleSAMLphp authcrypt module timed side channel attack vulnerability

SimpleSAMLphp is a PHP authentication application that implements the SAML2.0 service provider and identity provider functionality . A timing side channel attack vulnerability exists in the authcrypt module in SimpleSAMLphp 1.14.11 and earlier versions, which can be exploited by an attacker who...

SimpleSAMLphp Security Bypass Vulnerability (CNVD-2017-24382)

SimpleSAMLphp is a PHP authentication application that implements the SAML2.0 service provider and identity provider functionality . A security bypass vulnerability exists in SimpleSAMLphp 1.14.x through 1.14.11, which can be exploited by attackers to bypass security restrictions and perform...

DEBIAN-CVE-2017-12872

The 1 Htpasswd authentication source in the authcrypt module and 2 SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input...