377 matches found
CVE-2026-15486
The vulnerability CVE-2026-15486 affects TRENDnet TEW-821DAP (firmware 1.11B03). It targets the Firmware Update Handler's /goform/tools_ddns component, specifically function sub_42026C, where manipulation of hostname/username/password can trigger an os command injection. The attack is described a...
CVE-2026-59155 Nezha Monitoring: DDNS and Notification credential exposure via unredacted list API
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to 2.2.5, the GET /api/v1/ddns and GET /api/v1/notification endpoints return full resource objects including plaintext third-party API credentials, including Cloudflare API tokens, TencentCloud...
GHSA-WW5P-J6CJ-6MQQ Nezha Dashboard: DDNS and Notification credential exposure via unredacted list API
Summary The GET /api/v1/ddns and GET /api/v1/notification endpoints return full resource objects including plaintext third-party API credentials — Cloudflare API tokens, TencentCloud SecretKeys, Slack/Discord/Telegram webhook URLs with embedded bot tokens, and Authorization header values — withou...
GHSA-39G2-8X68-PMX8 Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context
Summary PATCH /server/id accepts and persists nonexistent ddnsprofiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those IDs, the DDNS worker resolves the stored ID and dispatches an update using the other user's DDNS profile configuration in the contex...
CVE-2026-53521 Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH /server/id accepts and persists nonexistent ddnsprofiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those...
CVE-2026-53521
CVE-2026-53521 affects Nezha Monitoring. From versions 2.0.14 up to before 2.1.0, PATCH /server/{id} accepts and persists nonexistent ddns_profiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those IDs, the DDNS worker resolves the stored ID and dispatc...
CVE-2026-36610
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...
CVE-2026-36610
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...
CVE-2026-36610
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...
CVE-2026-36606
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...
Mercusys AC12G 安全漏洞
The Mercusys AC12G is a Gigabit wireless router produced by the Chinese company Mercusys. The Mercusys AC12G EU V1 AC12G EU V1 version has a security vulnerability. This vulnerability stems from the transmission of DDNS credentials via plaintext HTTP, which may allow for man-in-the-middle attacks...
EUVD-2026-34145
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...
PT-2026-45998
Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...
CVE-2026-36610
Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding; the firmware contains no TLS, enabling man-in-the-middle interception of DDNS credentials.
Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host
Summary An authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhookurl, HTTP method, request body, and headers. When DDNS is triggered for a server that uses that profile, the dashboard process sends the configured request wit...
PT-2026-45048
Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 0.20.0 through 2.0.9 Description An authenticated user with low privileges can perform a blind Server-Side Request Forgery SSRF by creating or updating a DDNS profile. By configuring a provider webhook with an arbitra...
Malicious code in @self-evolving-harness/kivo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce31b5c287727dabb5479a114843b06b80bbd75db10d74014a00db80b9b321bd The package's LLM pipeline Kivo.ingest → value-gate → OpenAILLMProvider resolves its endpoint via resolveLlmConfig in...
CVE-2026-42364
An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability...
CVE-2026-42364 GeoVision LPC2011/LPC2211 Web Interface / DdnsSetting.cgi OS command injection vulnerability
An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability...
CVE-2026-42364
CVE-2026-42364 concerns a command-injection in the GeoVision LPC2011/LPC2211 web interface. The vulnerability resides in the DdnsSetting.cgi endpoint of version 1.10, where a specially crafted DDNS configuration can trigger arbitrary command execution. The description notes an attacker can modify...