19 matches found
CVE-2026-44440
ERPNext is affected by a path traversal vulnerability (CVE-2026-44440) in which an authenticated adjacent attacker can read arbitrary files due to improper limitation of a pathname to a restricted directory. The issue exists prior to versions 15.101.1 and 16.10.0 and is fixed in those releases. C...
CVE-2026-30816
An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device,...
CVE-2026-30817
An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device,...
CVE-2026-30817 Arbitrary File Reading Vulnerability in dnsmasq Module in TP-Link AX53
An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device,...
CVE-2026-30814
Affects TP-Link Archer AX53 v1.0. The vulnerability is a stack-based buffer overflow in the tmpServer module, allowing an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a crafted configuration file. Exploitation may crash the device and ...
PT-2026-31410
Name of the Vulnerable Software and Affected Versions TP-Link AX53 v1.0 versions prior to 1.7.1 Build 20260213 Description An external configuration control issue in the OpenVPN module allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is...
PT-2026-31407
Name of the Vulnerable Software and Affected Versions TP-Link Archer AX53 v1.0 versions prior to 1.7.1 Build 20260213 Description A stack-based buffer overflow occurs in the tmpServer module. An authenticated adjacent attacker can trigger a segmentation fault and potentially execute arbitrary cod...
CVE-2026-0655
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...
CVE-2026-0655
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...
CVE-2026-0654
Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availabili...
PT-2026-22661
Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availabili...
CVE-2025-61983
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length...
CVE-2025-62404
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue...
CVE-2025-62405 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected...
CVE-2025-61944 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length...
CVE-2025-15035
Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 vpn modules allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤...
CVE-2025-15035 Arbitrary File Deletion Vulnerability in TP-Link Archer AXE75
Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 vpn modules allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤...
PT-2022-2551 · Cisco · Cisco Umbrella Secure Web Gateway
Name of the Vulnerable Software and Affected Versions: Cisco Umbrella Secure Web Gateway SWG affected versions not specified Description: A vulnerability in the automatic decryption process could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies...
CVE-2019-15246
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters ATAs could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An...