42 matches found

NVD
added 2026/05/27 2:16 a.m., 8 views

CVE-2026-9628

A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipulation of the argument PPTP server address/username/password/tunnel name causes stack-based buffer...

CVSS: 9, EPSS: 0.00046
Exploits: 0, References: 4
EUVD
added 2026/04/28 7:45 a.m., 1 view

EUVD-2026-26015

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enabled can lead to os command injection. The attack may be performed from...

CVSS: 10, AI score: 5.1, EPSS: 0.01221
Exploits: 0, References: 5
vulnersOsv
added 2026/04/09 7:16 p.m., 4 views

amaranth-yosys (=0.25.0.0.post69), polywrap-client (=0.1.0a17) +4 more potentially affected by CVE-2026-34983 via wasmtime (=6.0.0)

wasmtime PYPI version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on wasmtime and may be impacted: - amaranth-yosys =0.25.0.0.post69 - polywrap-client =0.1.0a17 - polywrap-client-config-builder =0.1.0a17 - polywrap-uri-resolvers =0.1.0a15,...

CVSS: 5, AI score: 5.8, EPSS: 0.00006
Exploits: 0
AlpineLinux
added 2026/03/26 8:6 p.m., 3 views

CVE-2026-0967

A flaw was found in libssh. A remote attacker, by controlling client configuration files or knownhosts files, could craft specific hostnames that when processed by the matchpattern function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion,...

CVSS: 5.5, AI score: 5.9, EPSS: 0.00036
Exploits: 0
RedHat Linux
added 2026/03/19 11:49 p.m., 6 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

CVSS: 10, AI score: 6.5, EPSS: 0.00018
Exploits: 1, References: 8
RedHat Linux
added 2026/03/18 10:44 a.m., 4 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

CVSS: 10, AI score: 6.5, EPSS: 0.00018
Exploits: 1, References: 8
CVE
added 2026/03/07 8:51 a.m., 37 views

CVE-2026-24308

The CVE concerns Apache ZooKeeper (versions 3.8.5 and 3.9.4) where ZKConfig improperly handles configuration values, causing sensitive client configuration data to be exposed in log files at INFO level across all platforms. Impact is exposure of sensitive information stored in client configuratio...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00022
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2026/02/05 6:16 p.m., 3 views

CVE-2025-68121

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

CVSS: 10, EPSS: 0.00018
Exploits: 1, References: 4
AlpineLinux
added 2026/02/05 5:48 p.m., 5 views

CVE-2025-68121

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

CVSS: 10, AI score: 8.2, EPSS: 0.00018
Exploits: 1
CNNVD
added 2026/01/05 12:0 a.m., 1 view

UTT 520W Security Vulnerability

UTT 520W is a wireless router from China Aitai UTT. A security vulnerability exists in the UTT 520W version 1.7.7-180627, which originates from incorrect manipulation of the parameter EncryptionMode of the function strcpy in the file /goform/formPptpClientConfig, which could lead to a buffer...

CVSS: 9, AI score: 8.8, EPSS: 0.00039
Exploits: 1, References: 5
Cvelist
added 2025/12/15 2:41 p.m., 20 views

CVE-2025-34180 NetSupport Manager < 14.12.0001 Gateway Key Reversible Encoding Credential Recovery

NetSupport Manager 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored...

CVSS: 8.4, EPSS: 0.00024
Exploits: 0, References: 3
Positive Technologies
added 2025/12/15 12:0 a.m., 1 view

PT-2025-51232

NetSupport Manager 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored...

CVSS: 8.4, AI score: 7, EPSS: 0.00024
Exploits: 0, References: 3
Snyk
added 2025/09/17 8:42 p.m., 1 view

Incorrect Permission Assignment for Critical Resource

Overview: Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using os.MkdirAll function which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...

CVSS: 5.1, AI score: 6.6, EPSS: 0.00031
Exploits: 0, References: 2
Tenable Nessus
added 2025/09/10 12:0 a.m., 2 views

SUSE SLES15 / openSUSE 15 Security Update : regionServiceClientConfigGCE (SUSE-SU-2025:03119-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03119-1 advisory. This update for regionServiceClientConfigGCE contains the following fixes: - Update to version 5.0.0 bsc1246995 - SLE 16...

AI score: 5.7
Exploits: 0, References: 3
SUSE CVE
added 2025/06/20 11:34 p.m., 10 views

SUSE CVE-2025-6264

Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch...

CVSS: 5.2, AI score: 9.3, EPSS: 0.00277
Exploits: 2, References: 3
Snyk
added 2025/06/20 3:30 a.m., 2 views

Incorrect Default Permissions

Overview: Affected versions of this package are vulnerable to Incorrect Default Permissions via the Admin.Client.UpdateClientConfig artifact. An attacker can gain elevated privileges and execute arbitrary commands by exploiting insufficient permission checks when collecting artifacts from endpoint...

CVSS: 5.5, AI score: 7.7, EPSS: 0.00277
Exploits: 2, References: 2
Snyk
added 2025/06/20 3:30 a.m., 2 views

Incorrect Default Permissions

Overview: Affected versions of this package are vulnerable to Incorrect Default Permissions via the Admin.Client.UpdateClientConfig artifact. An attacker can gain elevated privileges and execute arbitrary commands by exploiting insufficient permission checks when collecting artifacts from endpoint...

CVSS: 5.5, AI score: 7.7, EPSS: 0.00277
Exploits: 2, References: 2
RedhatCVE
added 2025/05/23 9:3 a.m., 1 view

CVE-2024-39228

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00191
Exploits: 1, References: 1
OSV
added 2024/08/06 4:15 p.m., 0 views

CVE-2024-39228

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface...

CVSS: 9.8, AI score: 5.8
Exploits: 0, References: 1
CNNVD
added 2024/08/06 12:0 a.m., 1 view

GL.iNet Multiple Products Injection Vulnerability

GL.iNet AR750S and others are products of China's Guanglian Intelligent Communication GL.iNet company. GL.iNet AR750S is a router. GL.iNet AR750 is a router. GL.iNet AR300M is a router. The vulnerability is caused by a shell injection vulnerability in the checkovpnclientconfig interface. The...

CVSS: 9.8, AI score: 7.2, EPSS: 0.01089
Exploits: 1, References: 3