1155115 matches found
IServ Schoolserver User Enumeration
IServ Schoolserver suffers from a user enumeration vulnerability. The vendor does not feel this is an issue...
CVE-2026-16095
A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Affected by this issue is the function setupconntrack of the file /sbin/rc. Executing a manipulation of the argument cttcptimeout can lead to out-of-bounds write. The attack may be performed from remote. This project is supersed...
CVE-2026-16085
A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. Affected is the function NewContextBuilder of the file pkg/agent/context.go. Such manipulation leads to inclusion of functionality from untrusted control sphere. The attack needs to be performed locally. The exploit has be...
CVE-2026-16095
A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Affected by this issue is the function setupconntrack of the file /sbin/rc. Executing a manipulation of the argument cttcptimeout can lead to out-of-bounds write. The attack may be performed from remote. This project is supersed...
CVE-2026-16095 Shibby Tomato rc setup_conntrack out-of-bounds write
A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Affected by this issue is the function setupconntrack of the file /sbin/rc. Executing a manipulation of the argument cttcptimeout can lead to out-of-bounds write. The attack may be performed from remote. This project is supersed...
EUVD-2026-45359
A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This affects the function webhook.ParseRequest of the file pkg/channels/line/line.go of the component LINE Webhook. The manipulation results in authentication bypass by capture-replay. The attack may be launched remotely. The...
EUVD-2026-45358
A vulnerability was identified in Sipeed PicoClaw up to 0.2.9. The impacted element is the function ExecTool.executeRun of the file pkg/agent/pipelineexecute.go. The manipulation of the argument cwe leads to time-of-check time-of-use. The attack must be carried out locally. The exploit is publicl...
EUVD-2026-45367
A weakness has been identified in Sipeed PicoClaw up to 0.2.9. This impacts the function webfetch of the file pkg/tools/integration/web.go. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been made available to the public and...
EUVD-2026-45357
A vulnerability was determined in Sipeed PicoClaw up to 0.2.9. The affected element is an unknown function of the file web/backend/api/auth.go. Executing a manipulation can lead to cross-site request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be...
CVE-2026-16084
A weakness has been identified in Sipeed PicoClaw up to 0.2.9. This impacts the function webfetch of the file pkg/tools/integration/web.go. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been made available to the public and...
CVE-2026-16083
A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This affects the function webhook.ParseRequest of the file pkg/channels/line/line.go of the component LINE Webhook. The manipulation results in authentication bypass by capture-replay. The attack may be launched remotely. The...
CVE-2026-16082
A vulnerability was identified in Sipeed PicoClaw up to 0.2.9. The impacted element is the function ExecTool.executeRun of the file pkg/agent/pipelineexecute.go. The manipulation of the argument cwe leads to time-of-check time-of-use. The attack must be carried out locally. The exploit is publicl...
CVE-2026-16085
A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. Affected is the function NewContextBuilder of the file pkg/agent/context.go. Such manipulation leads to inclusion of functionality from untrusted control sphere. The attack needs to be performed locally. The exploit has be...
EUVD-2026-45368
A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. Affected is the function NewContextBuilder of the file pkg/agent/context.go. Such manipulation leads to inclusion of functionality from untrusted control sphere. The attack needs to be performed locally. The exploit has be...
CVE-2026-16085 Sipeed PicoClaw context.go NewContextBuilder inclusion of functionality from untrusted control sphere
A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. Affected is the function NewContextBuilder of the file pkg/agent/context.go. Such manipulation leads to inclusion of functionality from untrusted control sphere. The attack needs to be performed locally. The exploit has be...
CVE-2026-16084 Sipeed PicoClaw web.go web_fetch server-side request forgery
A weakness has been identified in Sipeed PicoClaw up to 0.2.9. This impacts the function webfetch of the file pkg/tools/integration/web.go. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been made available to the public and...
CVE-2026-16084
Affected software/hardware: Sipeed PicoClaw (up to version 0.2.9). Vulnerable component: function web_fetch in pkg/tools/integration/web.go. Root cause: manipulation enabling server-side request forgery (SSRF). Impact: remote exploitation possible with low attack complexity and network access; ab...
deep-pentest-skill
Deep Pentest Skill !License: MIThttps://img.shields.io/bad...
CVE-2026-16083
Affected software: Sipeed PicoClaw up to version 0.2.9, specifically the LINE Webhook component (webhook.ParseRequest in pkg/channels/line/line.go). Vulnerability: Authentication bypass via capture-replay. Remote exploitable condition reported; exploit released publicly. Impact: Authentication by...
CVE-2026-16083 Sipeed PicoClaw LINE Webhook line.go webhook.ParseRequest authentication replay
A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This affects the function webhook.ParseRequest of the file pkg/channels/line/line.go of the component LINE Webhook. The manipulation results in authentication bypass by capture-replay. The attack may be launched remotely. The...