
15 matches found

RedhatCVE
added 2026/04/29 8:48 p.m. · 0 views

CVE-2026-7289

A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used...

9 CVSS · 8.6 AI score · 0.00053 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2026/04/28 2:46 p.m. · 1 view

CVE-2026-7288 D-Link DIR-825M formVpnConfigSetup sub_4151FC buffer overflow

A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed t...

9 CVSS · 8.3 AI score · 0.00053 EPSS
Exploits: 1 · References: 5

Github Security Blog
added 2026/04/25 6:30 a.m. · 4 views

simple-git is vulnerable to Remote Code Execution

Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...

9.8 CVSS · 7.9 AI score · 0.00157 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

ATTACKERKB
added 2026/04/25 5:00 a.m. · 4 views

CVE-2026-6951

Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...

9.8 CVSS · 6.5 AI score · 0.33677 EPSS
Exploits: 2 · References: 4

RedhatCVE
added 2025/11/24 1:27 p.m. · 2 views

CVE-2025-13550

A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has bee...

9 CVSS · 7.1 AI score · 0.00266 EPSS
Exploits: 1 · References: 1

CVE
added 2025/11/23 12:32 p.m. · 10 views

CVE-2025-13550

CVE-2025-13550 affects D-Link DIR-822K and DWR-M920 (firmware 1.00_20250513164613 and 1.1.50). The vulnerability resides in the function handling the /boafrm/formVpnConfigSetup file, where manipulating the submit-url argument can cause a buffer overflow. Exploitation is remote, and a public explo...

9 CVSS · 8.7 AI score · 0.00266 EPSS
Exploits: 1 · References: 7 · Affected Software: 1

Positive Technologies
added 2025/11/23 12:00 a.m. · 1 view

PT-2025-47843

Name of the Vulnerable Software and Affected Versions: D-Link DIR-822K versions 1.00_20250513164613 and 1.1.50; D-Link DWR-M920 versions 1.00_20250513164613 and 1.1.50. Description: A buffer overflow issue exists in D-Link DIR-822K and DWR-M920 routers. The issue is located in an unknown function...

9 CVSS · 8.9 AI score · 0.00266 EPSS
Exploits: 1 · References: 16

Positive Technologies
added 2025/11/12 12:00 a.m. · 3 views

PT-2025-47842

Name of the Vulnerable Software and Affected Versions: D-Link DIR-822K versions 1.00_20250513164613 and 1.1.50; D-Link DWR-M920 versions 1.00_20250513164613 and 1.1.50. Description: A buffer overflow issue exists in D-Link DIR-822K and DWR-M920 devices. The issue is due to the manipulation of the...

9 CVSS · 8.9 AI score · 0.00266 EPSS
Exploits: 1 · References: 15

OSV
added 2023/04/12 6:15 p.m. · 0 views

CVE-2023-30524

Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them...

4.3 CVSS · 5.8 AI score · 0.00292 EPSS
Exploits: 0 · References: 2

ATTACKERKB
added 2022/03/15 5:15 p.m. · 1 view

CVE-2022-27200

Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...

4.8 CVSS · 5.8 AI score · 0.00213 EPSS
Exploits: 0 · References: 3

Veracode
added 2022/01/24 8:39 a.m. · 23 views

Cross-Site Scripting (XSS)

phpmyadmin is vulnerable to cross-site scripting. The vulnerability exists due to a lack of escape of the config-form's action attribute...

6.1 CVSS · 2.4 AI score · 0.49362 EPSS
Exploits: 2 · References: 5 · Affected Software: 1

Veracode
added 2022/01/23 5:39 p.m. · 24 views

Cross-Site Scripting (XSS)

phpmyadmin is vulnerable to cross-site scripting. The vulnerability exists due to a lack of escape of the config-form's action attribute. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection...

6.1 CVSS · 1.8 AI score · 0.49362 EPSS
Exploits: 2 · References: 5 · Affected Software: 1

Positive Technologies
added 2019/08/26 12:00 a.m. · 2 views

PT-2019-9614 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 versions prior to 5.3.2.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the cf title parameter, also known as the "homepage title" parameter, in the adm/config form update.php file. This...

6.1 CVSS · 6.5 AI score · 0.0027 EPSS
Exploits: 0 · References: 7

Positive Technologies
added 2019/07/23 12:00 a.m. · 2 views

PT-2019-9616 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the Extra Contents parameter, also known as the cf 110 parameter in the adm/config form update.php file. This enables attacker...

6.1 CVSS · 6.6 AI score · 0.00363 EPSS
Exploits: 0 · References: 8

OSV
added 2019/01/09 11:29 p.m. · 0 views

CVE-2018-0665

Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be...

6.8 CVSS · 5.9 AI score
Exploits: 0 · References: 4