1229 matches found
CVE-2026-1341
Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control...
CVE-2026-1341 Missing Authentication for Critical Function in Avation Light Engine Pro
Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control...
*Avation Light Engine Pro *
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take full control of the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
Avation Light Engine Pro 访问控制错误漏洞
Avation Light Engine Pro is a high-performance search and navigation enhancement plugin developed by the Australian company Avation. Avation Light Engine Pro has a security vulnerability related to access control. This vulnerability arises from the fact that its configuration and control interfac...
WordPress Light Poll plugin <= 1.0.0 - Polls Deletion via CSRF vulnerability
Polls Deletion via CSRF vulnerability discovered by Vuln Seeker Cybersecurity Team in WordPress Plugin Light Poll versions = 1.0.0...
AZL-76352 CVE-2026-24829 affecting package fltk 1.3.8-1
Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4...
CVE-2026-1419
A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack may be launched remotely. The exploit has...
AZL-75833 CVE-2026-24799 affecting package fltk 1.3.5-4
Out-of-bounds Write, Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in davisking dlib dlib/external/zlib modules. This vulnerability is associated with program files inflate.C. This issue affects dlib: before v19.24.9...
AZL-75818 CVE-2026-24799 affecting package fltk 1.3.8-1
Out-of-bounds Write, Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in davisking dlib dlib/external/zlib modules. This vulnerability is associated with program files inflate.C. This issue affects dlib: before v19.24.9...
CVE-2026-1419
A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack may be launched remotely. The exploit has...
CVE-2026-1419
A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack may be launched remotely. The exploit has...
CVE-2026-1419 D-Link DCS700l Web Form setDayNightMode command injection
A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack may be launched remotely. The exploit has...
PT-2026-4722
A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack may be launched remotely. The exploit has...
D-Link DCS700l command injection vulnerability
The D-Link DCS700l is a wireless cloud network camera from D-Link Corporation. The D-Link DCS700l version 1.03.09 has a command injection vulnerability. This vulnerability stems from incorrect operations on the parameter “LightSensorControl” in the file /setDayNightMode, which may lead to command...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004877)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004877 advisory. In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fix the warning in isl29028remove The driver use the non-managed form of th...
Azure Linux 3.0 Security Update: fltk (CVE-2016-10087)
The version of fltk installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2016-10087 advisory. - The pngsettext2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before...
WordPress Gotham Block Extra Light plugin cross-site scripting vulnerability
The WordPress Gotham Block Extra Light plugin is a tool for detecting if ad blocking software such as AdBlock is enabled in a visitor's browser. The WordPress Gotham Block Extra Light plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...
CVE-2025-15020
The Gotham Block Extra Light plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.5.0 via the 'ghostban' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on...
WordPress Gotham Block Extra Light plugin <= 1.5.0 - Authenticated (Contributor+) Arbitrary File Read via 'ghostban' Shortcode vulnerability
Authenticated Contributor+ Arbitrary File Read via 'ghostban' Shortcode vulnerability discovered by 0x34rth in WordPress Plugin Gotham Block Extra Light versions = 1.5.0...
CVE-2025-15020
The Gotham Block Extra Light plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.5.0 via the 'ghostban' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on...