17 matches found

RedhatCVE
added 2025/08/15 12:30 a.m. · 3 views

CVE-2025-43982

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI...

CVSS 9.8 · AI score 7.3 · EPSS 0.00095
Exploits 0 · References 1
Vulnrichment
added 2025/08/13 12:0 a.m. · 3 views

CVE-2025-43982

Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI...

AI score 7.2 · EPSS 0.00095
Exploits 0 · References 2
Positive Technologies
added 2024/09/18 12:0 a.m. · 1 view

PT-2024-11534 · Mautic · Mautic

Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 4.4.13; Mautic versions prior to 5.1.1. Description: The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to the patc...

CVSS 8.3 · AI score 7.4 · EPSS 0.00369
Exploits 0 · References 10
Positive Technologies
added 2024/06/10 12:0 a.m. · 3 views

PT-2024-26983 · Suitecrm · Suitecrm

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.14.4; SuiteCRM versions prior to 8.6.1. Description: The issue is related to a deprecated v4 API example with no log rotation, which allows denial of service by logging excessive data. This can lead to denial of...

CVSS 8.6 · AI score 7.1 · EPSS 0.44701
Exploits 0 · References 9
SUSE CVE
added 2024/04/15 11:20 p.m. · 2 views

SUSE CVE-2021-47201

In the Linux kernel, the following vulnerability has been resolved: iavf: free q_vectors before queues in iavf_disable_vf. iavf_free_queues() clears adapter->num_active_queues, which iavf_free_q_vectors() relies on, so swap the order of these two function calls in iavf_disable_vf(). This resolves a panic encountered...

CVSS 5.5 · AI score 7.6 · EPSS 0.00018
Exploits 0 · References 14
Positive Technologies
added 2024/02/06 12:0 a.m. · 2 views

PT-2024-20226 · Jsherp · Jsherp

Name of the Vulnerable Software and Affected Versions: jshERP version 3.3. Description: The issue concerns an Arbitrary File Upload vulnerability. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulti...

CVSS 9.8 · AI score 9.2 · EPSS 0.00128
Exploits 0 · References 8
Positive Technologies
added 2023/06/13 12:0 a.m. · 2 views

PT-2023-3710 · Unknown · Sspanel-Uim

Name of the Vulnerable Software and Affected Versions: SSPanel-Uim version 2023.3. Description: The issue is related to improper authorization in the /link/ interface of the SSPanel-Uim software. This can allow an attacker to gain access to confidential information, potentially leading to a leak o...

CVSS 5.3 · AI score 5.3 · EPSS 0.00346
Exploits 1 · References 9
Positive Technologies
added 2023/04/28 12:0 a.m. · 5 views

PT-2023-19174 · Ubiquiti · Ubiquiti Edgerouter X

Name of the Vulnerable Software and Affected Versions: Ubiquiti EdgeRouter X versions up to 2.0.9-hotfix.6. Description: A critical issue affects the Web Management Interface component, where the manipulation of the src argument leads to command injection. This can be initiated remotely...

CVSS 8.8 · AI score 7.9 · EPSS 0.07596
Exploits 2 · References 5
Positive Technologies
added 2023/02/15 12:0 a.m. · 1 view

PT-2023-6680 · NetGear · Netgear Wndr3700V2

Name of the Vulnerable Software and Affected Versions: Netgear WNDR3700v2 version 1.0.1.14. Description: A vulnerability was found in the Web Management Interface component of the Netgear WNDR3700v2 router. The issue affects some unknown processing and leads to denial of service. The attack may be...

CVSS 7.8 · AI score 7.1 · EPSS 0.00483
Exploits 0 · References 6
Positive Technologies
added 2022/05/05 12:0 a.m. · 2 views

PT-2022-19084 · Totolink · Totolink A7100Ru

Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version 7.4cu.2313 b20191024. Description: A command injection issue is found in the delParentalRules interface of the TOTOlink A7100RU router, allowing an attacker to execute arbitrary commands through a carefully constructed...

CVSS 10 · AI score 9.9 · EPSS 0.18709
Exploits 1 · References 4
Positive Technologies
added 2022/05/05 12:0 a.m. · 2 views

PT-2022-19089 · Totolink · Totolink A7100Ru

Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version 7.4cu.2313 b20191024. Description: A command injection issue is found in the setWiFiSignalCfg interface of the TOTOlink A7100RU router, allowing an attacker to execute arbitrary commands through a carefully constructed...

CVSS 10 · AI score 9.9 · EPSS 0.18709
Exploits 1 · References 4
Positive Technologies
added 2022/05/05 12:0 a.m. · 1 view

PT-2022-19085 · Totolink · Totolink A7100Ru

Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version 7.4cu.2313 b20191024. Description: A command injection issue is found in the setOpenVpnCfg interface of the TOTOlink A7100RU router, allowing an attacker to execute arbitrary commands through a carefully constructed...

CVSS 10 · AI score 9.9 · EPSS 0.18709
Exploits 1 · References 4
Kitploit
added 2021/10/05 11:30 a.m. · 35 views

CarPunk - The Car Hacking Toolkit

CARPUNK IS VERY SIMILAR TO CANghost, ONLY THE DIFFERENCE IS, IT COMES WITH OPTIONS TO ENABLE OR DISABLE INTERFACE AND BASIC SNIFFING AS EXTRA. IT WORKS ON BOTH SIMULATION & REAL CARS. HAS THE OPTIONS TO RECORD AND PLAY THE CAN PACKETS. NO ANY ARGUMENTS REQUIRED WHEN RUNNING BUT NEED...

AI score 7.3
Exploits 0 · References 5
OSV
added 2021/09/15 5:15 p.m. · 0 views

UBUNTU-CVE-2021-39213

GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround...

CVSS 8.8 · AI score 7.3 · EPSS 0.00351
Exploits 0 · References 4
OSV
added 2014/04/15 12:0 a.m. · 0 views

UBUNTU-CVE-2014-2580

The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq context, allows local guest administrators to cause a denial of service ("scheduling while atomic" error and host crash) via a malformed packet, which causes a mutex to be taken when trying to disable...

CVSS 4.4 · AI score 6 · EPSS 0.00071
Exploits 1 · References 6
securityvulns
added 2009/06/14 12:0 a.m. · 28 views

FreeBSD IPv6 interface DoS

Unprivileged user can set options and disable interface...

AI score 3.1
Exploits 0 · References 1
Japan Vulnerability Notes
added 2009/01/15 10:14 a.m. · 3 views

Cisco IOS cross-site scripting vulnerability

Overview: The web-based interface implemented in Cisco IOS is vulnerable to cross-site scripting. Some versions of the Cisco IOS provide a web-based interface to configure the device. This web-based interface contains a cross-site scripting vulnerability. A wide range of versions are affected. If...

CVSS 4.3 · AI score 5.8 · EPSS 0.08935
Exploits 2 · References 7