CVE-2026-24345 Cross-Site Request Forgery in EZCast Pro II Dongle

Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI...

EUVD-2026-4822

Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI...

CVE-2026-24344 Multiple Buffer Overflows in EZCast Pro II Dongle

Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution...

CVE-2026-24344 Multiple Buffer Overflows in EZCast Pro II Dongle

Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution...

PT-2026-4930

Name of the Vulnerable Software and Affected Versions Phpscript-sgh version 0.1.0 Description The software contains a time-based blind SQL injection issue in the admin interface. Attackers can manipulate database queries through the id parameter. Exploitation involves crafting malicious payloads...

PT-2026-4881

Name of the Vulnerable Software and Affected Versions EZCast Pro II version 1.17478.146 Description The Admin UI of EZCast Pro II utilizes well-known default credentials, potentially allowing attackers to gain access to protected areas within the web application. Recommendations Change the defaul...

PT-2026-4880

Name of the Vulnerable Software and Affected Versions EZCast Pro II version 1.17478.146 Description A Cross-Site Request Forgery exists in the Admin UI. This allows attackers to bypass authorization checks and gain full access to the admin UI. Recommendations Update to a newer version that contai...

CVE-2025-59473

SQL Injection vulnerability in the Structure for Admin authenticated user...

CVE-2025-14756

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or...

CVE-2025-14756

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or...

CVE-2025-14756 Authenticated Command Injection Vulnerability in Archer MR600

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or...

EUVD-2025-206350

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or...

CVE-2025-14756

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or...

CVE-2025-14756

CVE-2025-14756 affects TP-Link Archer MR600 v5. The vulnerability is an authenticated OS command injection in the admin interface, allowing an attacker to execute system commands with a limited character length input via the browser developer console. Published sources indicate this can lead to s...

CVE-2025-14756 Authenticated Command Injection Vulnerability in Archer MR600

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or...

CVE-2026-24431

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials...

CVE-2026-24431

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials...

CVE-2026-24431

The CVE-2026-24431 entry concerns Shenzhen Tenda W30E V2 devices. Concrete details from connected sources show that firmware versions up to and including V16.01.0.19(5037) store user account passwords in plaintext in the administrative web interface, allowing any user with access to affected mana...

CVE-2026-24431 Tenda W30E V2 Web UI Reveals Passwords in Cleartext

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials...

CVE-2026-24431

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials...