153 matches found
EUVD-2026-36768
An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request...
CVE-2026-50870
An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request...
PT-2026-49311
Name of the Vulnerable Software and Affected Versions whoogle-search version 1.2.3 Description An information disclosure issue in the configuration endpoint allows attackers to obtain sensitive information by sending a crafted GET request. Recommendations At the moment, there is no information...
CVE-2026-50870
An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request...
CVE-2026-50870
CVE-2026-50870 describes an information-disclosure flaw in the configuration endpoint of Ben Busby’s whoogle-search v1.2.3. The vulnerability is triggered by a crafted GET request against the configuration endpoint, and allows attackers to obtain sensitive information. The available connected doc...
CVE-2026-11503
A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function formfastsettingwifiset of the file /goform/fastsettingwifiset of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The...
CVE-2026-11503
A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function formfastsettingwifiset of the file /goform/fastsettingwifiset of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The...
CVE-2026-11503 Tenda CX12L Wi-Fi Configuration Endpoint fast_setting_wifi_set form_fast_setting_wifi_set stack-based overflow
A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function formfastsettingwifiset of the file /goform/fastsettingwifiset of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The...
EUVD-2026-35038
A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function formfastsettingwifiset of the file /goform/fastsettingwifiset of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The...
CVE-2026-11503 Tenda CX12L Wi-Fi Configuration Endpoint fast_setting_wifi_set form_fast_setting_wifi_set stack-based overflow
A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function formfastsettingwifiset of the file /goform/fastsettingwifiset of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The...
CVE-2026-11503
Affected product/version: Tenda CX12L 16.03.53.12. Vulnerable component: function form_fast_setting_wifi_set in the file /goform/fast_setting_wifi_set (Wi-Fi Configuration Endpoint). Root cause / vulnerability: manipulation of the argument ssid leads to a stack-based buffer overflow; vulnerabilit...
PT-2026-47265
Name of the Vulnerable Software and Affected Versions Tenda CX12L version 16.03.53.12 Description A stack-based buffer overflow occurs in the Wi-Fi Configuration Endpoint when the ssid argument is manipulated. This issue exists within the form fast setting wifi set function located in the...
CVE-2026-41273
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated with a public chatflow. By accessing a public...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Import function in the TTS Configuration Endpoint. An attacker can access internal resources or services by sending crafted requests through the vulnerable endpoint. Remediation Upgrade...
EUVD-2026-33879
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/ttsconfig.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate t...
CVE-2026-10583
A vulnerability in nextlevelbuilder GoClaw up to 3.11.3 affects the Import function in internal/http/tts_config.go (TTS Configuration Endpoint). The issue enables server-side request forgery (SSRF) and can be triggered remotely. Exploit details have been publicly disclosed, and the project charac...
PT-2026-45691
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate...
CVE-2026-42151
A flaw was found in Prometheus, an open-source monitoring system. The clientsecret field within the Azure Active Directory AD remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access t...
CVE-2025-71284
Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...
CVE-2026-41273
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated with a public chatflow. By accessing a public...