Lucene search
K

1118 matches found

Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.5 views

PT-2026-22152

Name of the Vulnerable Software and Affected Versions D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME version 1.00 Description The device suffers from improper session management, which allows attackers to perform a session hijacking attack. This is achieved by spoofing the IP address of an...

8.2CVSS5.9AI score0.00129EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/02/03 9:18 a.m.8 views

CVE-2026-1744

A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sppppoeuser.js. The manipulation of the argument Username results in cross site scripting. The attack may be launched remotely. The exploit has been made public and coul...

4.8CVSS4AI score0.00408EPSS
Exploits1References1
OSV
OSV
added 2026/02/02 5:15 a.m.5 views

CVE-2026-1744

A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sppppoeuser.js. The manipulation of the argument Username results in cross site scripting. The attack may be launched remotely. The exploit has been made public and coul...

4.8CVSS4.1AI score0.00408EPSS
Exploits1References5
NVD
NVD
added 2026/02/02 5:15 a.m.9 views

CVE-2026-1744

A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sppppoeuser.js. The manipulation of the argument Username results in cross site scripting. The attack may be launched remotely. The exploit has been made public and coul...

4.8CVSS0.00408EPSS
Exploits1References5
CVE
CVE
added 2026/02/02 4:32 a.m.15 views

CVE-2026-1744

CVE-2026-1744 affects D-Link DSL-6641K (N8.TR069.20131126). The vulnerability is in the doSubmitPPP function within sp_pppoe_user.js, where manipulating the Username parameter yields cross-site scripting. Exploitation can be remote, and multiple sources note the exploit is public. Remediation det...

4.8CVSS4.4AI score0.00408EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/02/02 4:32 a.m.47 views

CVE-2026-1744 D-Link DSL-6641K sp_pppoe_user.js doSubmitPPP cross site scripting

A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sppppoeuser.js. The manipulation of the argument Username results in cross site scripting. The attack may be launched remotely. The exploit has been made public and coul...

4.8CVSS0.00408EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/02 4:32 a.m.3 views

CVE-2026-1744 D-Link DSL-6641K sp_pppoe_user.js doSubmitPPP cross site scripting

A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sppppoeuser.js. The manipulation of the argument Username results in cross site scripting. The attack may be launched remotely. The exploit has been made public and coul...

4.8CVSS4AI score0.00408EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.30 views

PT-2026-5603

Name of the Vulnerable Software and Affected Versions D-Link DSL-6641K N8.TR069.20131126 Description A security issue exists in D-Link DSL-6641K N8.TR069.20131126 related to the doSubmitPPP function within the sp pppoe user.js file. Manipulation of the Username argument can lead to cross site...

4.8CVSS3.3AI score0.00408EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2026/02/01 3:14 a.m.7 views

CVE-2026-1705

A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function advirtualservervdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploi...

4.8CVSS4.5AI score0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/31 12:30 a.m.9 views

EUVD-2026-5003

A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function advirtualservervdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploi...

4.8CVSS4.5AI score0.00223EPSS
Exploits0References6
NVD
NVD
added 2026/01/30 10:15 p.m.9 views

CVE-2026-1705

A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function advirtualservervdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploi...

4.8CVSS0.00223EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/30 9:32 p.m.4 views

CVE-2026-1705 D-Link DSL-6641K Web ad_virtual_server_vdsl cross site scripting

A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function advirtualservervdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploi...

4.8CVSS3.9AI score0.00223EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/30 9:32 p.m.6 views

CVE-2026-1705

A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function advirtualservervdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploi...

4.8CVSS4.5AI score0.00223EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/30 9:32 p.m.49 views

CVE-2026-1705 D-Link DSL-6641K Web ad_virtual_server_vdsl cross site scripting

A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function advirtualservervdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploi...

4.8CVSS0.00223EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.9 views

PT-2026-5462

Name of the Vulnerable Software and Affected Versions D-Link DSL-6641K version N8.TR069.20131126 Description A flaw exists within the Web Interface component of the device, specifically in the ad virtual server vdsl function. Manipulating the Name argument can lead to cross site scripting. This...

4.8CVSS4.7AI score0.00223EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/01/14 8:22 p.m.7 views

CVE-2025-68702

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft32, '0' when it should use padLeft64, '0' because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2...

8.7CVSS6.8AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 8:22 p.m.8 views

CVE-2025-68925

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...

6.9CVSS7.1AI score0.00128EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 7:25 p.m.9 views

CVE-2025-68698

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...

8.7CVSS6.9AI score0.00128EPSS
Exploits0References1
NVD
NVD
added 2026/01/13 8:16 p.m.20 views

CVE-2025-68701

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2...

8.7CVSS0.00202EPSS
Exploits0References2
NVD
NVD
added 2026/01/13 8:16 p.m.22 views

CVE-2025-68702

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft32, '0' when it should use padLeft64, '0' because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2...

8.7CVSS0.00147EPSS
Exploits0References2
Rows per page
Query Builder