PT-2025-22135 · NetGear · Netgear Dgnd3700

Name of the Vulnerable Software and Affected Versions: Netgear DGND3700 version 1.1.00.15 1.00.15NA Description: A very critical issue was found, affecting the Basic Authentication component of the Netgear DGND3700. This issue leads to improper authentication and can be initiated remotely. The...

How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes

The company behind the Signal clone used by at least one Trump administration official was breached earlier this month. The hacker says they got in thanks to a basic misconfiguration...

CVE-2024-12716 Simple Basic Contact Form < 20250114 - Admin+ Stored XSS

The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setu...

WordPress plugin Simple Basic Contact Form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2025-21430 · WordPress · Simple Basic Contact Form

Name of the Vulnerable Software and Affected Versions: The Simple Basic Contact Form WordPress plugin versions prior to 20250114 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html...

php: Stream HTTP wrapper header check might omit basic auth header

A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...

php: Stream HTTP wrapper header check might omit basic auth header

A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...

php: Stream HTTP wrapper header check might omit basic auth header

A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...

php: Stream HTTP wrapper header check might omit basic auth header

A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...

ALSA-2025:7489 Important: php security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth header CVE-2025-1736 php: Streams HTTP wrapper...

TOTOLINK NR1800X 安全漏洞

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's Gion Electronics TOTOLINK. The TOTOLINK NR1800X suffers from a buffer overflow vulnerability that stems from the ssid parameter in the setWiFiBasicCfg function failing to properly validate the length size of the input...

CVE-2025-46826 insa-auth Open-Redirect on provided CAS server login endpoint

insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information name and number. However, the issue posed minimal risk, was never exploited, and had limited...

Unsophisticated Cyber Actor(s) Targeting Operational Technology

CISA is increasingly aware of unsophisticated cyber actors targeting ICS/SCADA systems within U.S. critical Infrastructure sectors Oil and Natural Gas, specifically in Energy and Transportation Systems. Although these activities often include basic and elementary intrusion techniques, the presenc...

Uro - Declutters Url Lists For Crawling/Pentesting

Using a URL list for security testing can be painful as there are a lot of URLs that have uninteresting/duplicate content; uro aims to solve that. It doesn't make any http requests to the URLs and removes: - incremental urls e.g. /page/1/ and /page/2/ - blog posts and similar human written conten...

Mitsubishi (CVE-2022-33321)

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric...

The vulnerability of the LockGeneralSettings method in the software for managing and monitoring remote objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, allows a hacker to circumvent security restrictions and gain access to write and read arbitrary files.

The vulnerability of the LockGeneralSettings method in the software for managing and monitoring remote objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability...

CVE-2025-29931

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated...

CVE-2025-39517

Cross-Site Request Forgery CSRF vulnerability in WP Map Plugins Basic Interactive World Map basic-interactive-world-map allows Cross Site Request Forgery.This issue affects Basic Interactive World Map: from n/a through = 2.7...

CVE-2025-30030

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'ImportDatabase' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

CVE-2025-30003

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectConnections' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...