687 matches found
Malicious code in home-mp-commons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 885b9dad73e9eeb07a1fcb4a94493ec85573f656f7b9347a8682f56db359cfd6 [email protected] is an empty npm package declared main index.js is absent from the tarball whose sole effect on install is to resolve a single...
CVE-2026-33802
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series allows a local, authenticated attacker to cause a Denial-of-Service DoS. On EX2300, EX4000, EX4100, EX4300-MP Multigigabit and EX4400 switches, an authenticated, local attacker with no specific permissions ...
CVE-2026-33802
Summary: CVE-2026-33802 is a Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series switches (EX2300, EX4000, EX4100, EX4300-MP, EX4400) that allows a locally authenticated attacker with no specific permissions to execute a privileged CLI command and trigger a Do...
SUSE-SU-2026:2644-1 Security update for frr
This update for frr fixes the following issues - CVE-2026-28532: Denial of Service due to integer overflow in OSPF TLV parser functions bsc1263859. - CVE-2026-37457: An off-by-one out-of-bounds write vulnerability in the bgpflowspecopdecode function bgpd/bgpflowspecutil.c of FRRouting FRR...
gmp security and enhancement update
An update is available for gmp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gmp packages contain GNU MP, a library for arbitrary precision arithmetics,...
RLSA-2023:6661 Low: gmp security and enhancement update
The gmp packages contain GNU MP, a library for arbitrary precision arithmetics, signed integers operations, rational numbers, and floating point numbers. Security Fixes: gmp: Integer overflow and resultant buffer overflow via crafted input CVE-2021-43618 For more details about the security issues...
WordPress MP Customize Login Page plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin MP Customize Login Page versions = 1.0...
EUVD-2026-38196
A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. Th...
CVE-2026-12810
A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. Th...
CVE-2026-12810 Edimax BR-6478AC V2 POST Request mp command injection
A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. Th...
PT-2026-51257
Name of the Vulnerable Software and Affected Versions Edimax BR-6478AC V2 version 1.23 Description A security flaw in the POST Request Handler component allows for remote command injection. This occurs through the manipulation of the command argument within the mp function of the '/goform/mp'...
SUSE-SU-2026:2454-1 Security update for frr
This update for frr fixes the following issues Update to frr 8.5.7: - CVE-2026-5107: Fixed an improper access controls in EVPN Type-2 Route Handler bsc1261013. - CVE-2026-28532: Harden TE/SR TLV iteration against malformed lengths bsc1263859. - CVE-2026-37457: Fix off-by-one error in FlowSpec...
NULL Pointer Dereference
Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...
CVE-2026-8774
A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack may be performed from remote. The exploit is now public...
CVE-2026-9228
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
MINI-RH2M-43MP-5VMP
Bulletin has no description...
CVE-2026-48688
A flaw was found in FastNetMon Community Edition. Multiple out-of-bounds read vulnerabilities exist within the BGP MPREACHNLRI IPv6 attribute decoder. A remote attacker could exploit these flaws by sending specially crafted BGP messages, which could lead to information disclosure or a denial of...
CVE-2026-9228 Timetable and Event Schedule by MotoPress <= 2.4.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via action_get_event_data Function
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
EUVD-2026-32705
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
CVE-2026-9228 Timetable and Event Schedule by MotoPress <= 2.4.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via action_get_event_data Function
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...