CVE-2026-37540

OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elfloader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems STM32MP1, Zynq, i.MX, large values can...

CVE-2026-42644

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through = 4.3.10...

U-SPEED N300 资源管理错误漏洞

The U-SPEED N300 is a wireless router device produced by the U-SPEED company. The U-SPEED N300 V1.0.0 version has a resource management vulnerability. This vulnerability stems from a denial-of-service attack on the embedded Boa HTTP server. It is possible for attackers to exhaust system resources...

HP Printer Weak Password Requirement (CVE-2009-0941)

The HP Embedded Web Server EWS on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...

JUNG Smart Visu Server 1.1.1050 - Dos

Exploit Title: JUNG Smart Visu Server 1.1.1050- Dos CVE: CVE-2026-26235 Date: 2026-02-12 Exploit Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity Author GitHub: https://github.com/banyamer-security Vendor Homepage: https://www.jung.de Software Link:...

EUVD-2026-26379

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

HP Printer Cross-Site Request Forgery (CVE-2009-0940)

Multiple cross-site request forgery CSRF vulnerabilities in the HP Embedded Web Server EWS on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that 1 print documents via unknown vectors, 2 modif...

Embedded Malicious Code

Overview tanstack is a TanStack Player — A developer-first, universal Video Player SDK built on Video.js with headless hooks, plugin architecture, and React-first DX Affected versions of this package are vulnerable to Embedded Malicious Code that exfiltrates environment variables from developers'...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload. A malicious actor compromised the package, enabling the attacker to publish tampered versions of the deep learning framework. Malicious Behavior The execution chain ru...

Embedded Malicious Code

Overview lightning is a Deep Learning framework to train, deploy, and ship AI products Lightning fast. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload. A malicious actor compromised the package, enabling the attacker to publi...

Embedded Malicious Code

Overview intercom/intercom-php is an Intercom API client. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload. A malicious actor compromised the package, enabling the attacker to publish tampered versions of the deep learning...

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), io.jenkins.blueocean:blueocean (>=1.27.17 <=1.27.25) +8 more potentially affected by CVE-2026-42524 via org.jenkins-ci.plugins:htmlpublisher (>=1.0 <=1.6)

org.jenkins-ci.plugins:htmlpublisher MAVEN version =1.0, =1.9.2-beta, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.0.0, =1.0.18 Source cves: CVE-2026-42524 Source advisory: OSV:GHSA-F8H4-46XV-H7JJ...

CVE-2026-39686

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF Manager: from n/a through = 3.7.2...

CVE-2026-42644

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through = 4.3.10...

EUVD-2026-26215

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through = 4.3.10...

PT-2026-35903

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through = 4.3.10...

WordPress Plugin BetterDocs 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Embedded Malicious Code

Overview @cap-js/postgres is a CDS database service for Postgres Affected versions of this package are vulnerable to Embedded Malicious Code that conceals an obfuscated payload designed to steal developer credentials during the package installation. The malicious versions and their contents are...

CLSA-2026-1777296725 Fix CVE(s): CVE-2026-35414

SECURITY UPDATE: mishandling of authorizedkeys principals option - debian/patches/CVE-2026-35414.patch: replace matchlist with xstrdup + strsep + exact strcmp in matchprincipalsoption in auth2-pubkey.c, so certificate principals containing embedded commas are no longer wrongly cross-matched. -...

Apache Camel Vulnerable to Authentication Bypass Using an Alternate Path or Channel

When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server camel-platform-http-main and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and...