29 matches found

ATTACKERKB
added 2026/04/08 2:32 p.m. · 1 views

CVE-2026-39394

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index controller reads the host POST parameter without any validation and passes it directly into updateEnvSettings, which...

CVSS 8.1 · AI score 6.1 · EPSS 0.00032
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2026/02/15 1:58 p.m. · 1 views

CVE-2019-25372 OPNsense 19.1 Reflected XSS via diag_traceroute.php

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diag_traceroute.php to execute...

CVSS 6.1 · AI score 5.6 · EPSS 0.00055
Exploits 1 · References 4

RedhatCVE
added 2026/02/03 9:19 p.m. · 1 views

CVE-2025-47366

Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input...

CVSS 7.8 · AI score 5.4 · EPSS 0.00005
Exploits 0 · References 1

OSV
added 2025/12/09 10:47 p.m. · 2 views

GHSA-4C65-9GQF-4W8H Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool

Summary: A command injection vulnerability is present in the function tool run_ssh_command_with_credentials available to AI agents. Details: This is the source code of the function tool run_ssh_command_with_credentials: python @functiontool def run_ssh_command_with_credentials host: str, username: str,...

CVSS 9.6 · AI score 8.4 · EPSS 0.00114
Exploits 1 · References 5

RedhatCVE
added 2025/11/14 12:1 a.m. · 1 views

CVE-2025-60699

A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592B20191022ALL within the global.so binary. The getSaveConfig function retrieves the httphost parameter from user input via websGetVar and copies it into a fixed-size stack buffer v13 using strcpy without...

CVSS 6.5 · AI score 8 · EPSS 0.01553
Exploits 1 · References 1

OSV
added 2025/11/13 8:15 p.m. · 1 views

CVE-2025-60699

A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592B20191022ALL within the global.so binary. The getSaveConfig function retrieves the httphost parameter from user input via websGetVar and copies it into a fixed-size stack buffer v13 using strcpy without...

CVSS 6.5 · AI score 6.3 · EPSS 0.01553
Exploits 1 · References 3

Cvelist
added 2025/11/13 12:0 a.m. · 4 views

CVE-2025-60699

A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592B20191022ALL within the global.so binary. The getSaveConfig function retrieves the httphost parameter from user input via websGetVar and copies it into a fixed-size stack buffer v13 using strcpy without...

EPSS 0.01553
Exploits 1 · References 3

Positive Technologies
added 2025/11/13 12:0 a.m. · 4 views

PT-2025-46901

Name of the Vulnerable Software and Affected Versions: TOTOLINK A950RG Router firmware versions prior to V5.9c.4592 B20191022 ALL Description: A buffer overflow issue exists in the global.so binary of the TOTOLINK A950RG Router firmware. The getSaveConfig function retrieves the http host parameter...

CVSS 6.5 · AI score 7.9 · EPSS 0.01553
Exploits 1 · References 6

CNNVD
added 2025/10/31 12:0 a.m. · 3 views

TOTOLINK LR350 security vulnerability

TOTOLINK LR350 is a 4G LTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the failure of the httphost parameter in the...

CVSS 7.5 · AI score 7.1 · EPSS 0.00294
Exploits 1 · References 2

CNNVD
added 2025/05/01 12:0 a.m. · 1 views

NETGEAR EX6200 security vulnerability

NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The NETGEAR EX6200 suffers from a buffer overflow vulnerability that originates from the sub503FC function parameter host failing to properly validate the length of the input data, which can be exploited by an attacker to execute...

CVSS 9.8 · AI score 8 · EPSS 0.00548
Exploits 1 · References 5

CNNVD
added 2025/04/30 12:0 a.m. · 3 views

NETGEAR EX6120 security vulnerability

The NETGEAR EX6120 is a wireless extender from NETGEAR. The NETGEAR EX6120 suffers from a buffer overflow vulnerability that stems from the sub30394 function parameter host failing to properly validate the length and size of input data, which can be exploited by an attacker to execute arbitrary...

CVSS 9.8 · AI score 8 · EPSS 0.01243
Exploits 1 · References 5

CNNVD
added 2024/05/24 12:0 a.m. · 1 views

TOTOLINK LR350 security vulnerability

TOTOLINK LR350 is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK LR350 suffers from a buffer overflow vulnerability that originates from the failure of the httphost parameter in the loginAuth function to properly validate the length and size of the input data, which can be...

CVSS 9.8 · AI score 8.1 · EPSS 0.07857
Exploits 0 · References 3

CNNVD
added 2024/01/29 12:0 a.m. · 1 views

TOTOLINK N200RE security vulnerability

The TOTOLINK N200RE is a router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK N200RE version 9.3.5u.6139B20201216, which originates from the failure of the httphost parameter of the loginAuth function of /cgi-bin/cstecgi.cgi to properly validate th...

CVSS 8.3 · AI score 8.1 · EPSS 0.00082
Exploits 1 · References 4

Positive Technologies
added 2023/09/29 12:0 a.m. · 3 views

PT-2023-13452 · Cambium · Cambium Enterprise Wi-Fi System

Name of the Vulnerable Software and Affected Versions: Cambium Enterprise Wi-Fi System Software versions prior to 6.4.2 Description: The issue is related to the lack of sanitization of the ping host argument in the device-agent of the Cambium Enterprise Wi-Fi System Software. This can potentially...

CVSS 8.8 · AI score 7.1 · EPSS 0.00421
Exploits 0 · References 8

CNNVD
added 2023/06/06 12:0 a.m. · 2 views

Qualcomm Chipsets security vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets, which arises from a buffer copy without checking the input size in the FM host, a memory corruption in the FM host, and a failure to check the input size in the FM host...

CVSS 7.8 · AI score 7.7 · EPSS 0.00041
Exploits 0 · References 2

Positive Technologies
added 2023/03/21 12:0 a.m. · 2 views

PT-2023-7467 · Apache · Apache Airflow Drill Provider

Name of the Vulnerable Software and Affected Versions: Apache Airflow Drill Provider versions prior to 2.3.2 Description: The issue is related to improper input validation in the Apache Airflow Drill Provider. This can allow a remote attacker to impact the confidentiality of protected information...

CVSS 8.7 · AI score 7.2 · EPSS 0.00964
Exploits 0 · References 17

SUSE CVE
added 2023/02/15 3:25 a.m. · 1 views

SUSE CVE-2022-31626

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can...

CVSS 7.5 · AI score 9.5 · EPSS 0.1024
Exploits 2 · References 13

OSV
added 2020/10/21 7:15 p.m. · 0 views

CVE-2020-3557

A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit...

CVSS 5.3 · AI score 6.1
Exploits 0 · References 1

Positive Technologies
added 2020/10/21 12:0 a.m. · 1 views

PT-2020-4717 · Cisco · Cisco Firepower Management Center (Fmc)

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center (FMC) Software (affected versions not specified) Description: A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to caus...

CVSS 5.3 · AI score 7.3 · EPSS 0.00194
Exploits 0 · References 3

OSV
added 2019/11/12 7:15 p.m. · 0 views

CVE-2019-1398

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1397...

CVSS 8.4 · AI score 6.4 · EPSS 0.00742
Exploits 0 · References 1