3768 matches found
Cisco IOS XE WLC - Arbitrary File Upload
A vulnerability in the Out-of-Band Access Point AP Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.This vulnerability is due to the presence of a hard-coded JSON Web...
CVE-2026-61875
The vulnerability is in luci-app-upnp (OpenWrt LuCI) and is a stored cross-site scripting (XSS) flaw in the UPnP IGD AddPortMapping SOAP request. An unauthenticated LAN client can submit malicious HTML in the NewPortMappingDescription field; miniupnpd stores it and luci-app-upnp renders it withou...
EUVD-2026-42291
An OS command injection vulnerability exists in the sub34984 function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lanipv6prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remo...
CVE-2026-24699
An OS command injection vulnerability exists in the sub34984 function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lanipv6prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remo...
CVE-2026-24699
An OS command injection vulnerability exists in the sub34984 function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lanipv6prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remo...
foreman: Foreman: Information disclosure via improper validation of nested request parameters
A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...
foreman: Foreman: Information disclosure via improper validation of nested request parameters
A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...
CVE-2026-56766
A flaw was found in Hydra. A malicious server can exploit a stack buffer overflow vulnerability in the NTLM authentication modules by sending a specially crafted NTLM Type-2 challenge. This can lead to an overflow of a stack buffer, potentially enabling remote code execution on systems that lack...
SUSE CVE-2026-56766
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...
GHSA-RP72-5V5Q-2446 @cardano402/mcp-server missing spending limits, LAN-exposed HTTP transport, and SSRF via catalog.server.url
Summary @cardano402/mcp-server versions = 0.1.1 ship three security gaps that can lead to unauthorized fund movement when the package is used as designed an MCP server exposing Cardano payment tools to an Impact 1. No spending limits on signed payments An LLM or prompt-injected LLM calling tools...
CVE-2026-56766
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...
CVE-2026-56766 Hydra - Stack Buffer Overflow in NTLM Authentication Handler
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Networks: Bridge: MST: Fixed suspicious RCU usage in brmstsetstate. I converted brmstsetstate to RCU to avoid a vlan use-after-free, but I forgot to change the vlangroupdereferencehelper. I switched to using the...
EUVD-2026-37876
A Reflected Cross-Site Scripting XSS vulnerability exists in LMS LAN Management System before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...
CVE-2026-40457 Reflected XSS in LMS
A Reflected Cross-Site Scripting XSS vulnerability exists in LMS LAN Management System before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...
EUVD-2026-37875
An OS Command Injection vulnerability exists in LMS LAN Management System before commit 9fcb4de due to an IP address parameter being passed to the "exec" function without proper validation, allowing attackers to execute arbitrary operating system commands...
CVE-2026-40456
An OS Command Injection vulnerability exists in LMS LAN Management System before commit 9fcb4de due to an IP address parameter being passed to the "exec" function without proper validation, allowing attackers to execute arbitrary operating system commands...
CVE-2026-40456 OS Command Injection in LMS
An OS Command Injection vulnerability exists in LMS LAN Management System before commit 9fcb4de due to an IP address parameter being passed to the "exec" function without proper validation, allowing attackers to execute arbitrary operating system commands...
CVE-2026-40455
Affected software: LMS (LAN Management System). Vulnerability: SQL Injection in the tarifflist.php module caused by insufficient sanitization of the POST tg[] parameter; the code concatenates user-supplied array values into an SQL query using implode(). Impact / access: authenticated attackers ca...
CVE-2026-48860
A flaw was found in Erlang/OTP. The inettlsdist:checkip/1 function, responsible for enforcing a LAN allowlist for Erlang distribution over TLS, incorrectly uses inet:sockname/1 instead of inet:peername/1 to obtain the peer's IP address. This allows an unauthenticated attacker, possessing a...