Malicious Package

Overview otawebadmin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

MAL-2026-5075 Malicious code in ota_web_admin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2724185590a9671481ff3ac84c4046cb7b1841b78c7872660ff5ddf32fc21309 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-8076

Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based credentials, maintaining compatibility with POS software integrations deployed since 2012. This coul...

CVE-2026-8077

CVE-2026-8077 concerns the CashDro 3 web administration panel (v24.01.00.26). The issue is a lack of proper authorization in the backend, with security effectively handled only on the frontend. By altering the binary string in the ‘Permissions’ field of the JSON response, an attacker could escala...

CVE-2026-7714

CVE-2026-7714 affects crocodilestick Calibre-Web-Automated (up to version 4.0.6). The vulnerability lies in the Admin Endpoint’s cps/cwa_functions.py, where authentication is missing, enabling a remote attacker to potentially exploit it. Exploit details have been published, and the project was in...

CVE-2026-36960

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...

CVE-2026-33569 Anviz Products Cleartext Transmission of Sensitive Information

Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device...

CVE-2026-6182

A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User leads to sql injection. The attack may be launched remotely. The exploit is...

EUVD-2026-22284

CWE-93 Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request payload...

CVE-2026-2403

CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload...

CVE-2026-2403

CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload...

CVE-2026-2403

The CVE describes an input validation flaw (CWE-1284) where improper validation of a specified quantity in the POST /logsettings payload by a Web Admin user can lead to Event and Data Log truncation, compromising log integrity. Exploitation details are not provided beyond the admin payload manipu...

CVE-2026-2405

CVE-2026-2405 is a CWE-400 Uncontrolled Resource Consumption vulnerability. According to the documents, a Web Admin flooding the system with POST /helpabout requests can cause excessive troubleshooting ZIP file creation, leading to denial of service. The CVSS 4.0 vector yields a base score of 5.3...

CVE-2026-2405

CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout requests...

CVE-2026-2399

CWE-22 Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters the POST /REST/upssleep request payload...

CVE-2026-2399

CWE-22 Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters the POST /REST/upssleep request payload...

PT-2026-32675

Name of the Vulnerable Software and Affected Versions PowerChute Serial Shutdown affected versions not specified Description Improper validation of specified quantity in input occurs when a Web Admin user alters the payload of the 'POST /logsettings' request. This issue can lead to Event and Data...

PT-2026-32677

Name of the Vulnerable Software and Affected Versions PowerChute Serial Shutdown affected versions not specified Description An uncontrolled resource consumption issue exists where a Web Admin user can cause a denial of service. This occurs when the system is flooded with specially crafted POST...

CVE-2026-6184

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been ma...

CVE-2026-6184 code-projects Simple Content Management System welcome.php cross site scripting

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been ma...