43 matches found
CVE-2026-41160
CVE-2026-41160 describes a Broken Access Control (IDOR) in EspoCRM prior to 9.3.5 where low-privilege users could pin notes without proper edit permissions due to a write-first, authorize-later flaw in the POST /api/v1/Note/{id}/pin path. The root cause is in application/Espo/Tools/Stream/Api/Pos...
CVE-2026-41160 EspoCRM: Broken Access Control / IDOR in Note Pinning API allows unauthorized modification of notes
EspoCRM is an open source customer relationship management application. Prior to 9.3.5, a Broken Access Control business logic flaw in EspoCRM 9.3.3 allows low-privileged users to pin arbitrary notes without having the required edit permissions for the parent object. Due to a "write first,...
EUVD-2019-20028
WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Attackers can paste a large payload of 6000 bytes into the Name and Registration Code field to trigge...
WinMPG Video Convert Buffer Error Vulnerability
WinMPG Video Convert is a video file format conversion tool developed by the American company WinMPG. Versions of WinMPG Video Convert 9.3.5 and earlier contained a buffer error vulnerability. This vulnerability stemmed from a buffer overflow in the registration dialog box, which could allow loca...
CVE-2025-10207
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5...
CVE-2024-48842
Use of Hard-coded Credentials vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5 and newer versions...
CVE-2025-10207
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5...
CVE-2025-10207 Authenticated File Disclosure/Delete
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5...
CVE-2025-10207
CVE-2025-10207 affects ABB FLXEON controllers (through v9.3.5). The issue is due to improper input validation that could allow remote control of the device and arbitrary code execution, with high impact on confidentiality, integrity, and availability. Exploitation details are not provided in the ...
CVE-2024-48851 Remote Code Execution
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON. A remote code execution is possible due to an improper input validation. This issue affects FLXEON: through 9.3.5...
CVE-2024-48842
Use of Hard-coded Credentials vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5 and newer versions...
CVE-2025-10205 Predictable Salt and Weak Hashing Algorithm
Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5 and newer versions...
CVE-2024-48842 Hardcoded passwords
Use of Hard-coded Credentials vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5 and newer versions...
CVE-2024-48842 Hardcoded passwords
Use of Hard-coded Credentials vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5 and newer versions...
ABB FLXEON Trust Management Issue Vulnerability
ABB FLXEON is a family of building automation controllers from ABB Switzerland. ABB FLXEON 9.3.5 and earlier versions and later versions are vulnerable to a trust management issue that stems from the use of hard-coded credentials...
PT-2025-38158
Name of the Vulnerable Software and Affected Versions: ABB FLXEON versions through 9.3.5 and newer versions Description: The product contains hard-coded credentials. Recommendations: Versions through 9.3.5 and newer versions: At the moment, there is no information about a newer version that...
TOTOLINK LR350 Command Injection Vulnerability
TOTOLINK LR350 is a wireless router from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK LR350 version V9.3.5u.6369B20220309. An attacker can exploit this vulnerability to conduct a command injection attack via the ussd parameter of the setUssd method...
TOTOLINK N350RT Buffer Error Vulnerability
The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK N350RT version V9.3.5u.6139B20201216, which stems from a pppoeUser parameter stack overflow issue...
TOTOLINK N350RT Buffer Error Vulnerability
The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK N350RT version V9.3.5u.6139B20201216, which stems from a stack overflow issue in the setDiagnosisCfg method...
TOTOLINK N350RT Operating System Command Injection Vulnerability
The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in the TOTOLINK N350RT version V9.3.5u.6139B20201216, which stems from a hostName parameter command injection issue in the setOpModeCfg method...