34 matches found

CVE
added 2026/04/30 12:0 a.m., 3 views

CVE-2026-36959

Summary: CVE-2026-36959 affects the U-SPEED N300 router (V1.0.0). The vulnerability arises from the /api/login endpoint lacking rate limiting and account lockout protections, enabling unlimited authentication attempts from a local network. This can facilitate brute-force attacks against the admin...

CVSS 7.5 | AI score 5.3 | EPSS 0.00077
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2026/04/14 4:16 p.m., 2 views

CVE-2026-2403

CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload...

CVSS 5.3 | EPSS 0.00059
Exploits: 0 | References: 1

NVD
added 2026/03/18 4:16 p.m., 3 views

CVE-2025-55046

MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy all deleted content stored in the trash system through a simple CSRF attack. The vulnerable cTrash.empty function lacks CSRF token validation, enabling malicious websites to forge requests that...

CVSS 8.1 | EPSS 0.00021
Exploits: 0 | References: 2

Cvelist
added 2026/02/11 12:16 p.m., 25 views

CVE-2025-58471 Qsync Central

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...

CVSS 5.1 | EPSS 0.00046
Exploits: 0 | References: 1

EUVD
added 2026/01/28 8:26 a.m., 3 views

EUVD-2026-4888

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 | AI score 5.9 | EPSS 0.00013
Exploits: 0 | References: 6

RedhatCVE
added 2026/01/17 8:19 a.m., 2 views

CVE-2026-20894

Cross-site scripting vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If an attacking administrator configures the affected product with some malicious input, an arbitrary script may be executed on the web browser of a victim administrator who accesse...

CVSS 4.8 | AI score 6.6 | EPSS 0.00015
Exploits: 0 | References: 1

ATTACKERKB
added 2026/01/16 8:16 a.m., 2 views

CVE-2026-20894

Cross-site scripting vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If an attacking administrator configures the affected product with some malicious input, an arbitrary script may be executed on the web browser of a victim administrator who accesse...

CVSS 4.8 | AI score 6 | EPSS 0.00015
Exploits: 0 | References: 3

CVE
added 2026/01/02 2:55 p.m., 4 views

CVE-2025-53590

CVE-2025-53590 is a NULL pointer dereference vulnerability affecting QNAP QTS/QuTS hero operating systems. A remote attacker who has an administrator account can exploit this to cause a denial-of-service. The issue impacts several QNAP OS versions, with remediation implemented in QTS 5.2.7.3256 b...

CVSS 5.1 | AI score 6.5 | EPSS 0.00117
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2018-3388

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00259
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-15903

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5 | EPSS 0.00155
Exploits: 0 | References: 1

OSV
added 2025/10/03 7:15 p.m., 0 views

CVE-2025-48727

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...

CVSS 4.9 | AI score 5.8 | EPSS 0.00142
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/03 6:11 p.m., 1 views

CVE-2025-52432 QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...

CVSS 5.1 | AI score 6.5 | EPSS 0.00142
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/03 6:10 p.m., 1 views

CVE-2025-48726 QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...

CVSS 5.1 | AI score 6.5 | EPSS 0.00142
Exploits: 0 | References: 1

EUVD
added 2025/10/03 6:10 p.m., 2 views

EUVD-2025-32349

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...

CVSS 5.1 | AI score 6.4 | EPSS 0.00142
Exploits: 0 | References: 2

CVE
added 2025/06/27 10:14 p.m., 68 views

CVE-2024-36347

Summary (CVE-2024-36347) Improper signature verification in the AMD CPU ROM microcode patch loader may allow a local administrator to load unsigned/malicious microcode, risking integrity of x86 instruction execution, and confidentiality/integrity of data in the privileged CPU context and potentia...

CVSS 6.4 | AI score 6.8 | EPSS 0.00023
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:49 a.m., 3 views

CVE-2024-20516

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit...

CVSS 6.8 | AI score 6.9 | EPSS 0.00283
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 5:41 a.m., 2 views

CVE-2023-0505

The Ever Compare WordPress plugin through 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

CVSS 4.3 | AI score 5.6 | EPSS 0.00097
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 8:5 p.m., 2 views

CVE-2021-37366

CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users...

CVSS 8.8 | AI score 7 | EPSS 0.00141
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:55 p.m., 5 views

CVE-2021-35957

Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs in %WINDIR%\system32 with malicious ones...

CVSS 6.7 | AI score 6.8 | EPSS 0.00055
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:52 a.m., 5 views

CVE-2017-16660

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...

CVSS 9 | AI score 7.4 | EPSS 0.02642
Exploits: 1 | References: 1