34 matches found
CVE-2026-40960
Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...
CVE-2026-0655
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...
CVE-2026-0655
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...
CVE-2026-0655
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...
EUVD-2026-9217
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...
CVE-2026-0655
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...
CVE-2026-0655
CVE-2026-0655 affects TP-Link Deco BE25 v1.0 (web modules) up to 1.1.1 Build 20250822. The issue is an improper limitation of a pathname to a restricted directory (path traversal) that allows an authenticated adjacent attacker to read arbitrary files or cause a denial of service. CVSS details ind...
PT-2026-22662
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...
CVE-2026-22222
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2web modules allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...
CVE-2026-22222 Command Injection Vulnerability on TP-Link Archer BE230 v1.2
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2web modules allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...
EUVD-2026-5097
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2web modules allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...
CVE-2026-22222
CVE-2026-22222 is an OS Command Injection in TP-Link Archer BE230 v1.2 (web modules). The issue allows an adjacent authenticated attacker to execute arbitrary code and potentially gain full administrative control on Archer BE230 v1.2, impacting configuration integrity, network security, and servi...
EUVD-2026-5099
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2web modules allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...
CVE-2026-0630 Command Injection Vulnerability on TP-Link Archer BE230 v1.2 and AXE75 v1.0
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2web modules and Archer AXE75 v1.0 allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise o...
CVE-2026-0630 Command Injection Vulnerability on TP-Link Archer BE230 v1.2 and AXE75 v1.0
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2web modules and Archer AXE75 v1.0 allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise o...
CVE-2026-0630
CVE-2026-0630 is a reported OS Command Injection vulnerability in TP-Link Archer BE230 v1.2 web modules, affecting versions older than 1.2.4 Build 20251218 rel.70420. The issue permits an adjacent authenticated attacker to execute arbitrary code, potentially gaining full administrative control ov...
PT-2026-5686
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2web modules allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...
EUVD-2005-2841
Malware in sbrugna...
Malicious code in document.web.modules.files (npm)
The package document.web.modules.files was found to contain malicious code...
Malicious code in ringcentral-web-modules (npm)
The package ringcentral-web-modules was found to contain malicious code...