406 matches found
[SECURITY] Fedora 43 Update: python-multipart-1.3.1-1.fc43
This module provides a fast incremental non-blocking parser for multipart/form-data HTML5, RFC7578, as well as blocking alternatives for easier use in WSGI or CGI applications...
EUVD-2026-13598
A vulnerability was found in Yi Technology YI Home Camera 2 2.1.120171024151200. The impacted element is an unknown function of the file home/web/ipc of the component CGI Endpoint. Performing a manipulation results in missing authentication. Access to the local network is required for this attack...
Terrapack Arbitrary File Upload
Terrapack software suffers from an arbitrary file upload vulnerability that may allow attackers to execute arbitrary code. Affected software includes Terrapack TkWebCoreNG version 1.0.20200914, TKServerCGI version 2.5.4.150, and TpkWebGIS - Client version 1.0.0...
EUVD-2026-12275
A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function...
PT-2026-25589
A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function cgi create...
CVE-2026-29046
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...
TinyWeb 安全漏洞
TinyWeb is a simple and lightweight HTTP server developed by Konstantin Belyalov. Versions of TinyWeb prior to 2.04 contained security vulnerabilities. These vulnerabilities stemmed from the parser not strictly rejecting dangerous control characters in header lines and header values, which could...
Gateway API Authorization Bypass: Any Authenticated User Can Enumerate Secrets, Endpoints, and Model Definitions
This report is not public...
tomcat: Apache Tomcat: Security constraint bypass for CGI scripts
A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...
tomcat: Apache Tomcat: Security constraint bypass for CGI scripts
A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...
CVE-2026-2565
A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument timezone causes stack-based buffer overflow. The attack can be initiated remotely. The attack is considered to have high...
CVE-2026-25480
Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an unauthenticated remo...
CVE-2026-22905
An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences e.g., /js/../cgi-bin/post.cgi, gaining unauthorized access to protected CGI endpoints and configuration downloads...
PT-2026-7083
An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences e.g., /js/../cgi-bin/post.cgi, gaining unauthorized access to protected CGI endpoints and configuration downloads...
PPC 2K05X 安全漏洞
The PPC 2K05X is an industrial router produced by the American company PPC. The PPC 2K05X v1.1.9206L version contains a security vulnerability. This vulnerability stems from improper handling of user input by the Universal Gateway Interface component, which may lead to storage-based cross-site...
EUVD-2025-206812
A stored cross-site scripting XSS vulnerability exists in the web management interface of the PPC Belden ONT 2K05X router running firmware v1.1.9206L. The Common Gateway Interface CGI component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary...
CVE-2025-14550
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. ASGIRequest allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not...
TOTOLINK A7000R Command Injection Vulnerability
TOTOLINK A7000R is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A7000R version 4.1cu.4154 contains a command injection vulnerability. This vulnerability arises from incorrect handling of the parameter FileName in the file /cgi-bin/cstecgi.cgi, which may lead to command...
CVE-2026-1156
A vulnerability was determined in Totolink LR350 9.3.5u.6369B20220309. Affected by this issue is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Apache HTTP Server vulnerabilities (USN-7968-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7968-1 advisory. It was discovered that the Apache HTTP Server incorrectly handled failed ACME certificate renewals. This could result in renewal...