CVE-2026-53521 Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH /server/id accepts and persists nonexistent ddnsprofiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those...

CVE-2026-53521

CVE-2026-53521 affects Nezha Monitoring. From versions 2.0.14 up to before 2.1.0, PATCH /server/{id} accepts and persists nonexistent ddns_profiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those IDs, the DDNS worker resolves the stored ID and dispatc...

CVE-2026-36610

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...

CVE-2026-36610

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...

CVE-2026-36606

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

CVE-2026-36610

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...

Mercusys AC12G 安全漏洞

The Mercusys AC12G is a Gigabit wireless router produced by the Chinese company Mercusys. The Mercusys AC12G EU V1 AC12G EU V1 version has a security vulnerability. This vulnerability stems from the transmission of DDNS credentials via plaintext HTTP, which may allow for man-in-the-middle attacks...

PT-2026-45998

Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...

CVE-2026-36610

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding; the firmware contains no TLS, enabling man-in-the-middle interception of DDNS credentials.

EUVD-2026-34145

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host

Summary An authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhookurl, HTTP method, request body, and headers. When DDNS is triggered for a server that uses that profile, the dashboard process sends the configured request wit...

PT-2026-45048

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 0.20.0 through 2.0.9 Description An authenticated user with low privileges can perform a blind Server-Side Request Forgery SSRF by creating or updating a DDNS profile. By configuring a provider webhook with an arbitra...

Malicious code in @self-evolving-harness/kivo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce31b5c287727dabb5479a114843b06b80bbd75db10d74014a00db80b9b321bd The package's LLM pipeline Kivo.ingest → value-gate → OpenAILLMProvider resolves its endpoint via resolveLlmConfig in...

CVE-2026-42364

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability...

CVE-2026-42364

CVE-2026-42364 concerns a command-injection in the GeoVision LPC2011/LPC2211 web interface. The vulnerability resides in the DdnsSetting.cgi endpoint of version 1.10, where a specially crafted DDNS configuration can trigger arbitrary command execution. The description notes an attacker can modify...

CVE-2026-42364 GeoVision LPC2011/LPC2211 Web Interface / DdnsSetting.cgi OS command injection vulnerability

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability...

GeoVision LPC2011和GeoVision LPC2211 操作系统命令注入漏洞

Both GeoVision LPC2011 and GeoVision LPC2211 are network monitoring and control devices produced by the Chinese company GeoVision. Versions 1.10 of GeoVision LPC2011 and GeoVision LPC2211 contain a vulnerability related to operating system command injection. This vulnerability stems from the OS...

PT-2026-36732

Name of the Vulnerable Software and Affected Versions GeoVision LPC2011/LPC2211 version 1.10 Description An OS command injection flaw exists in the 'DdnsSetting.cgi' functionality. A specially crafted DDNS configuration allows an attacker to modify a configuration value to execute arbitrary...

EUVD-2026-19547

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit has been disclosed...

CVE-2026-5688

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit has been disclosed...