16 matches found
CVE-2026-54317
Insight (CVE-2026-54317): The Home Assistant Konnected integration exposes an unauthenticated GET endpoint (/api/konnected/device/{device_id}) that reveals alarm-panel state and topology on the LAN. Write operations (POST/PUT) enforce a Bearer token against configured access tokens, but GET reque...
CVE-2026-7679
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...
CVE-2026-7679
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...
CVE-2026-7679
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...
EUVD-2026-26814
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...
CVE-2026-7679 YunaiV yudao-cloud OAuth2TokenServiceImpl.java getAccessToken improper authentication
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...
CVE-2026-7679
YunaiV yudao-cloud (up to 2026.01) is affected. The flaw resides in OAuth2TokenServiceImpl.java (getAccessToken) where manipulation leads to improper authentication. The issue is exploitable remotely with a PROOF-OF-CONCEPT exploit and no remediation details are provided in the available document...
CVE-2013-10063 Netgear SPH200D <= 1.0.4.80 Path Traversal via HTTP GET
A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions = 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive...
kernel: NFSD: Finish converting the NFSv2 GETACL result encoder
A flaw was identified in the Linux kernel’s NFSD NFSv2 GETACL result encoder. During conversion to xdrstream, leftover code erroneously set the pagelen field of the send buffer. The XDR stream encoders are expected to manage buffer length automatically, and the incorrect manual setting can result...
CVE-2022-46585
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the REMOTEUSER parameter in the getaccess sub45AC2C function...
PT-2022-27913 · Trendnet · Trendnet Tew755Ap
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW755AP version 1.13B01 Description: A stack overflow issue was discovered via the REMOTE USER parameter in the get access sub 45AC2C function. Recommendations: For TRENDnet TEW755AP version 1.13B01, consider restricting access to t...
TRENDnet TEW-755AP 缓冲区错误漏洞
The TRENDnet TEW-755AP is a router from TRENDnet. The TRENDnet TEW-755AP suffers from a stack overflow vulnerability that stems from a lack of size checking of input data in the REMOTEUSER parameter of the getaccess sub45AC2C function, which can be exploited by an attacker to execute arbitrary co...
PT-2022-6942 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions 1.3.0 through 2.1.10 Argo CD versions 2.2.0 through 2.2.5 Argo CD versions 2.3.0 and earlier, excluding 2.3.0 itself as it is a fixed version Description: The issue is related to a path traversal bug compounded by an improper...
CVE-2020-25988
UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 P4410-V2–1.34H has an action 'XGetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent...
DEBIAN-CVE-2019-0201
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider...
paypal/permissions-sdk-php cross-site scripting vulnerability
paypal/permissions-sdk-php is a PHP-based Paypal payment software development kit. A cross-site scripting vulnerability exists in the 'verificationcode' parameter of the samples/GetAccessToken.php file in paypal/permissions-sdk-php. A remote attacker could exploit this vulnerability to execute co...