4184 matches found
PT-2026-25024
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable echo server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
GL-iNet GL-AR300M16 安全漏洞
GL-iNet GL-AR300M16 is a portable mini router produced by the Chinese company GL-iNet. The GL-iNet GL-AR300M16 v4.3.11 version contains a security vulnerability. This vulnerability stems from the string port parameter in the enableechoserver function, which allows for command injection, potential...
CVE-2026-26791
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enableechoserver function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
CVE-2026-26791
GL-iNet GL-AR300M16 v4.3.11 contains a command injection vulnerability in the enable_echo_server function exposed via the port parameter. A crafted input can lead to arbitrary command execution on the device. The CVE entry indicates a network-exposed impact with high severity, but the provided do...
CVE-2026-31888
Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer CHECKOUTCUSTOMERAUTHBADCREDENTIALS or is unknown...
CVE-2026-31888
Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer CHECKOUTCUSTOMERAUTHBADCREDENTIALS or is unknown...
ECHO-EDE0-D99F-450B
Bulletin has no description...
ECHO-7EB0-BCA7-2E0B
Bulletin has no description...
ECHO-B155-ED65-13D4
Bulletin has no description...
ECHO-30C0-A594-F90E
Bulletin has no description...
ECHO-1808-4C87-682F
Bulletin has no description...
CVE-2026-29038 changedetection.io: Reflected XSS in RSS Tag Error Response
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting XSS vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body...
USN-8078-1: Zutty vulnerability
Carter Sande discovered that Zutty did not correctly echo invalid input to the console on DECRQSS. An attacker could possibly use this issue to execute arbitrary commands...
USN-8078-1 zutty vulnerability
Carter Sande discovered that Zutty did not correctly echo invalid input to the console on DECRQSS. An attacker could possibly use this issue to execute arbitrary commands...
ECHO-0638-253E-D3EC
Bulletin has no description...
SUSE CVE-2026-25766
Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo's middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In middleware/static.go, the requested path is unescaped and...
ECHO-16BE-74B0-122B
Bulletin has no description...
ECHO-7BC9-C663-1FEF
Bulletin has no description...
ECHO-2654-D857-4161
Bulletin has no description...
ECHO-783B-C2AC-C763
Bulletin has no description...