Lucene search

10 matches found

NVD
added 2026/06/03 2:16 p.m., 13 views

CVE-2024-47263

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...

CVSS: 4.1 | EPSS: 0.00297
Exploits: 0 | References: 1
OSV
added 2026/05/29 10:33 a.m., 6 views

BIT-RABBITMQ-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI

RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13...

CVSS: 5.6 | AI score: 5.8 | EPSS: 0.0018
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/15 12:0 a.m., 12 views

PT-2026-41364

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00303
Exploits: 0 | References: 3
ATTACKERKB
added 2026/03/18 3:28 p.m., 3 views

CVE-2026-2992

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the /wp-json/kivicare/v1/setup-wizard/clinic REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.00248
Exploits: 0 | References: 5
CNNVD
added 2025/04/22 12:0 a.m., 3 views

TOTOLINK A810R Security Vulnerability

TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK A810R version V4.1.2cu.5182B20201026, which stems from cstecgi.cgi failing to correctly validate the length and size of the input data, and can be exploited by ...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.00454
Exploits: 1 | References: 1
OSV
added 2023/06/13 12:44 p.m., 0 views

GHSA-X3CC-X39P-42QX fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name

Impact: As a part of this vulnerability, user was able to se code using proto as a tag or attribute name. const { XMLParser, XMLBuilder, XMLValidator } = require("fast-xml-parser"); let XMLdata = "hacked"; const parser = new XMLParser(); let jObj = parser.parse(XMLdata); console.log(jObj.polluted) // should...

CVSS: 6.5 | AI score: 7 | EPSS: 0.01152
Exploits: 1 | References: 6
CNNVD
added 2022/09/06 12:0 a.m., 4 views

TOTOLINK A860R Security Vulnerability

The TOTOLINK A860R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK A860R version V4.1.2cu.5182B20201027, which originates from an unfiltered parameter in infostat.cgi, resulting in a buffer overflow...

CVSS: 9.8 | AI score: 8.9 | EPSS: 0.00775
Exploits: 0 | References: 2
CNNVD
added 2022/08/28 12:0 a.m., 4 views

TOTOLINK A800R Trust Management Issue Vulnerability

The TOTOLINK A800R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK A800R version V4.1.2cu.5137B20200730, which originates from the inclusion of a hardcoded password for root in /etc/shadow.sample...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00283
Exploits: 1 | References: 3
CNVD
added 2017/11/09 12:0 a.m., 0 views

MultiTech FaxFinder Trust Management Vulnerability

MultiTech FaxFinder is a fax server appliance from MultiTech Systems, USA. A security vulnerability exists in versions of MultiTech FaxFinder prior to 4.1.2. A remote attacker can exploit the vulnerability to retrieve certificates...

CVSS: 10 | AI score: 6.9 | EPSS: 0.02098
Exploits: 0 | References: 1
RedHat Linux
added 2010/11/30 6:8 p.m., 2 views

dhcp: NULL pointer dereference crash via crafted DHCPv6 packet

ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.09402
Exploits: 0 | References: 4