
25 matches found

RedhatCVE
added 2026/04/07 5:6 p.m. | 2 views

CVE-2026-5665

A security vulnerability has been detected in code-projects Online FIR System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/checklogin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack is possible to...

CVSS 7.5 | AI score 5.7 | EPSS 0.00043
Exploits: 0 | References: 1

CVE
added 2026/04/02 2:15 p.m. | 3 views

CVE-2026-5339

CVE-2026-5339 affects Tenda G103 1.0.0.5. The vulnerability is in the Setting Handler’s gpon.lua, function action_set_net_settings, where manipulating authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriority enables command injection remotely. Public exploit av...

CVSS 8.8 | AI score 5.8 | EPSS 0.0009
Exploits: 1 | References: 12 | Affected Software: 1

EUVD
added 2026/03/31 12:31 p.m. | 0 views

EUVD-2026-17399

A vulnerability was determined in code-projects Student Membership System 1.0. The impacted element is an unknown function of the file /admin/index.php of the component Admin Login. This manipulation of the argument username/password causes sql injection. Remote exploitation of the attack is...

CVSS 7.5 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 6

RedhatCVE
added 2026/03/26 3:19 p.m. | 0 views

CVE-2025-67112

Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...

CVSS 9.8 | AI score 5.8 | EPSS 0.00152
Exploits: 0 | References: 1

CNNVD
added 2026/03/19 12:0 a.m. | 3 views

Sercomm SCE4255W security vulnerability

Sercomm SCE4255W is a broadband gateway device produced by Sercomm in Taiwan, China. Versions of Sercomm SCE4255W before DG3934v3@2308041842 contained security vulnerabilities. These vulnerabilities stemmed from the use of hard-coded AES-256-CBC keys in the configuration backup/restore mechanis...

CVSS 9.8 | AI score 5.8 | EPSS 0.00152
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/19 12:0 a.m. | 2 views

PT-2026-26317

Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...

AI score 5.8 | EPSS 0.00152
Exploits: 0 | References: 6

CVE
added 2026/03/19 12:0 a.m. | 3 views

CVE-2025-67112

The CVE-2025-67112 entry concerns the Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware prior to DG3934v3@2308041842, where a hard-coded AES-256-CBC key in the configuration backup/restore flow allows remote authenticated users to decrypt, modify, and re-encrypt device configurations. Th...

CVSS 9.8 | AI score 5.8 | EPSS 0.00152
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/19 12:0 a.m. | 1 view

CVE-2025-67112

Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...

AI score 5.8 | EPSS 0.00152
Exploits: 0 | References: 3

NVD
added 2026/03/16 2:20 p.m. | 2 views

CVE-2026-4187

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an unknown function of the file /WebService/UpdateLocalDevInfo.jsp of the component Device Identifier Handler. Such manipulation of the argument username/password leads to missing authentication. The...

CVSS 6.9 | EPSS 0.0002
Exploits: 0 | References: 4

ATTACKERKB
added 2026/02/08 6:2 p.m. | 3 views

CVE-2026-2171

A vulnerability was found in code-projects Online Student Management System 1.0. Affected is an unknown function of the file accounts.php of the component Login. Performing a manipulation of the argument username/password results in sql injection. The attack can be initiated remotely. The exploit...

CVSS 7.5 | AI score 7.1 | EPSS 0.00013
Exploits: 0 | References: 5 | Affected Software: 1

EUVD
added 2026/02/08 5:2 p.m. | 4 views

EUVD-2026-5783

A security vulnerability has been detected in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack is possible to be carried...

CVSS 9.8 | AI score 5.3 | EPSS 0.00019
Exploits: 1 | References: 6

RedhatCVE
added 2026/01/07 9:15 a.m. | 3 views

CVE-2026-0605

A security vulnerability has been detected in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. Such manipulation of the argument username/password leads to sql injection. The attack may be performed from remote. The exploit ha...

CVSS 9.8 | AI score 7.2 | EPSS 0.00026
Exploits: 1 | References: 1

CVE
added 2025/12/28 7:32 p.m. | 5 views

CVE-2025-15151

TaleLin Lin-CMS up to 0.6.0 is affected by a vulnerability in the Tests Folder: manipulation of the username/password arguments in /tests/config.py can lead to passwords being written into the configuration file. The issue is exploitable remotely with high attack complexity; exploit publicly disc...

CVSS 6.3 | AI score 4.6 | EPSS 0.00025
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-31436

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.5 | EPSS 0.00046
Exploits: 1 | References: 6

Microsoft Secure
added 2025/09/24 5:0 p.m. | 6 views

Retail at risk: How one alert uncovered a persistent cyberthreat

In the latest edition of our Cyberattack Series, we dive into real-world cases targeting retail organizations. With 60% of retail companies reporting operational disruptions from cyberattacks and 43% experiencing security compromises in the past year, the risks for businesses continue to increase...

CVSS 8.8 | AI score 8.6 | EPSS 0.74988
Exploits: 9

CVE
added 2025/08/23 9:32 a.m. | 17 views

CVE-2025-9359

The CVE-2025-9359 entry describes a stack-based buffer overflow in Linksys RP_checkCredentialsByBBS (file path /goform/RP_checkCredentialsByBBS) triggered by manipulating the ssidhex/pwd arguments. Affected devices are Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 with firmware versions 1.0.0...

CVSS 9 | AI score 7.1 | EPSS 0.00516
Exploits: 1 | References: 6 | Affected Software: 1

CNNVD
added 2023/05/11 12:0 a.m. | 0 views

USR IOT 4G LTE Industrial Cellular VPN Router security vulnerability

Jinan USR IOT Technology USR IOT 4G LTE Industrial Cellular VPN Router is an industrial-grade 4G wireless LTE router from Jinan USR IOT Technology China. A security vulnerability exists in the USR USR-G806 version 1.0.41, which stems from a problem with the component Web Management Page, where...

CVSS 10 | AI score 8.3 | EPSS 0.11532
Exploits: 1 | References: 4

OSV
added 2022/05/24 5:17 p.m. | 2 views

GHSA-4427-7F3W-MQV6 OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user...

CVSS 8.8 | AI score 8.5 | EPSS 0.03566
Exploits: 0 | References: 13

OSV
added 2021/11/01 10:40 p.m. | 0 views

USN-5128-1 ceph vulnerabilities

Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain environments. An attacker could use this to gain unintended access to resources. This issue only affected Ubuntu 18.04 LTS. CVE-2020-27781 It was discovered that Ceph...

CVSS 7.2 | AI score 6.6 | EPSS 0.00857
Exploits: 1 | References: 6

CVE
added 2021/08/20 7:27 p.m. | 54 views

CVE-2020-24130

CVE-2020-24130 describes a CSRF flaw in Ponzu 0.11.0 (configure.html) where an attacker can change user and administrator credentials and add or delete administrator accounts. The issue is tied to Ponzu’s configure.html component, and multiple connected sources confirm the same vulnerability desc...

CVSS 8.1 | AI score 8 | EPSS 0.00093
Exploits: 1 | References: 1 | Affected Software: 1