AP Pricing Tables Lite <= 1.1.6 - SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. id: CVE-2023-0900 info: name: AP Pricing Tables Lite = 1.1.6 - SQL Injection author: r3Y3r53 severity: high description: ...

PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection

A SQL injection vulnerability in the productalloneimg and imageproduct parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data. id: CVE-2022-22897 info: name: PrestaShop AP Pagebuilder = 2.4.4 - SQL Injection...

ZyXel USG - Hardcoded Credentials

A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP. id: CVE-2020-29583 info: name: ZyXel USG - Hardcoded Credentials autho...

Wavlink Multiple AP - Remote Command Injection

Wavlink products are affected by a vulnerability that may allow remote unauthenticated users to execute arbitrary commands as root on Wavlink devices. The user input is not properly sanitized which allows command injection via the "key" parameter in a login request. It has been tested on Wavlink...

EUVD-2026-38984

In the Linux kernel, the following vulnerability has been resolved: s390/ap: use generic driveroverride infrastructure When the AP masks are updated via apmaskstore or aqmaskstore, apbusrevisebindings is called after apattrmutex has been released. This calls aprevisereserved, which accesses the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mac80211: Fixed an error in the ieee80211chanbwchange function for APVLAN stations. The ieee80211chanbwchange function iterates through all stations and accesses link-reserved.oper via sta-sdata-linklinkid. For stations on...

CVE-2026-45160 ESF-IDF: Out-of-bounds Read in lwIP DHCP Server Option Parser

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...

Exploit for Heap-based Buffer Overflow in Mediatek Mt6890_Firmware

CVE-2026-20452 — MediaTek WLAN AP Heap Overflow PoC Proof of...

CVE-2026-8264

A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is...

CVE-2024-51394

Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the APMSP::loop, APMSP, APMSP.cpp components...

CVE-2026-20452

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295...

CVE-2026-10127

CVE-2026-10127 affects Edimax BR-6478AC firmware version 1.23. The vulnerability resides in the POST Request Handler function formStaDrvSetup, specifically the /goform/formStaDrvSetup endpoint, where manipulating the argument rootAPmac enables command injection. Exploitation can be remote; public...

EUVD-2026-31652

A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. Performing a manipulation of the argument rootAPmac results in command injection. The attack can be initiated...

Linux Distros Unpatched Vulnerability : CVE-2026-31072

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: mtd: maps: Fixed the refcount leak in apflashinit. offindmatchingnode returns a node pointer with a refcount incremented. We should use ofnodeput on it when there is no longer a need for it. Add the missing ofnodeput call to avoi...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: The entire AP matrix is always filtered. The vfioapmdevfiltermatrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of this function is to update the guest’s AP configuration...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: mvm – Do not send a 6E-related command when it is not supported. MCCALLOWEDAPTYPECMD is related to 6E support. Do not send this command if the device does not support 6E. Apparently, the firmware mistakenly indicat...

CVE-2024-51395

Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the APSmartAudio::loop, APSmartAudio, APSmartAudio.cpp components...

CVE-2024-48519

Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 allows a local attacker to cause a denial of service via the APInertialSensorADIS1647x.cpp, ArduRover, ADIS1647x Sensor component...

EUVD-2024-55581

Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the APSmartAudio::loop, APSmartAudio, APSmartAudio.cpp components...