CVE-2026-57999

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.dologin RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because user-controlled loginserver and loginserverauthkey parameters are improperly quoted...

EUVD-2026-40171

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.dologin RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because user-controlled loginserver and loginserverauthkey parameters are improperly quoted...

PT-2025-1515 · Unknown · Dologin Security

Name of the Vulnerable Software and Affected Versions: DoLogin Security versions 3.7.1 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels. Recommendations: For DoLogin...

CVE-2023-4631

The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing...