3259 matches found
Devolutions Server 加密问题漏洞
Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server such as 2026.2.4.0, 2026.1.20.0, and earlier versions have security vulnerabilities. These...
CVE-2026-42540
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...
CVE-2026-6240
A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive number of identifiers ...
CVE-2025-53680
An improper neutralization of special elements used in an OS command "OS Command Injection" vulnerability CWE-78 vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 throug...
CVE-2026-1789
A vulnerability in the browser-based remote management interface may allow an administrator to access sensitive information on the device via crafted requests, affecting certain production printers and office/small office multifunction printers...
CVE-2026-20081
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...
CVE-2026-22154
An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3,...
CVE-2026-1659
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted requests due to insufficient input validation...
CVE-2026-8980
The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin operator and manufacturer accounts via crafted POST requests...
CVE-2026-36785
Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...
PT-2026-47055
Name of the Vulnerable Software and Affected Versions Tenda FH451 version 1.0.0.9 Description A stack overflow exists in the fromDhcpListClient function. This occurs when processing the page parameter via a crafted HTTP request, which can lead to a Denial of Service DoS, a condition where the...
CVE-2026-48040
The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP RFC 9458 using BoringSSL's HPKE C library via JNI. When deriving native memory addresses for cryptographic operations versions prior to 0.0.22.Final provide a fallback path for direct...
CVE-2026-28318 SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability
SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...
CVE-2026-36605
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 is vulnerable to a HTTP denial of service via a low number of crafted incomplete HTTP requests, causing a persistent crash that requires physical power cycling to recover...
Linux Distros Unpatched Vulnerability : CVE-2026-44579
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the...
Mercusys AC12G 安全漏洞
The Mercusys AC12G is a Gigabit wireless router produced by the Chinese company Mercusys. The Mercusys AC12G EU V1 AC12G EU V1 version has a security vulnerability. This vulnerability stems from an HTTP denial-of-service attack, which may cause continuous crashes due to a small number of speciall...
BIT-NGINX-GATEWAY-2026-9256 NGINX ngx_http_rewrite_module vulnerability
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...
Joomla Component JE Photo Gallery SQL注入漏洞
The Joomla component JE Photo Gallery is an open-source Joomla image gallery component. Version 1.1 of the JE Photo Gallery has a SQL injection vulnerability. This vulnerability stems from the categoryid parameter, which allows for SQL injections. Unauthorized attackers could exploit this...
PT-2026-45124
Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form...
CVE-2026-23870
A flaw was found in the React Server DOM components, including react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. A remote attacker could exploit this denial of service DoS vulnerability by sending specially crafted HTTP requests to server function endpoints. This...