CVE-2026-8903

The Two-factor authentication formerly IP Vault plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the ipvsavechanges function. This makes it possible for unauthenticated attackers to...

CVE-2026-8903 Two-factor authentication (formerly IP Vault) <= 2.1 - Cross-Site Request Forgery to Settings Update

The Two-factor authentication formerly IP Vault plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the ipvsavechanges function. This makes it possible for unauthenticated attackers to...

EUVD-2024-35349

Malicious code in bioql PyPI...

CVE-2024-35519

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operatingmode.cgi via the apmode parameter...

CVE-2024-35522

Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operatingmode.cgi via the apmode parameter with ap24gmanual set to 1 and ap24gmanualsec set to NotNone...

The vulnerability in the operating_mode.cgi script of NETGEAR EX3700 microprogramming devices allows a hacker to execute arbitrary commands.

The vulnerability of the operatingmode.cgi script in NETGEAR EX3700 microprogramming devices is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the apmode parameter...

The vulnerability in the operating_mode.cgi script of NETGEAR’s router microprogramming devices EX6120, EX6100, and EX3700 allows a hacker to execute arbitrary commands.

The vulnerability of the operatingmode.cgi script in NETGEAR’s microprogrammed router devices, such as EX6120, EX6100, and EX3700, is related to the lack of measures taken to protect data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVE-2024-35519

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operatingmode.cgi via the apmode parameter...

CVE-2024-35519

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operatingmode.cgi via the apmode parameter...

CVE-2024-35519

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operatingmode.cgi via the apmode parameter...

CVE-2024-35522

Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operatingmode.cgi via the apmode parameter with ap24gmanual set to 1 and ap24gmanualsec set to NotNone...

CVE-2024-35522

Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operatingmode.cgi via the apmode parameter with ap24gmanual set to 1 and ap24gmanualsec set to NotNone...

CVE-2024-35522

Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operatingmode.cgi via the apmode parameter with ap24gmanual set to 1 and ap24gmanualsec set to NotNone...

PT-2024-7222 · NetGear · Netgear Ex3700

Name of the Vulnerable Software and Affected Versions: Netgear EX3700 versions prior to 1.0.0.98 Description: The issue is related to a lack of input sanitization in the operating mode.cgi script of the NETGEAR EX3700 router's firmware. This can be exploited by a remote attacker to execute...

Re: Cisco IOS VTP issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, This is a Cisco response to an advisory published by FX of Phenoelit posted as of September 13, 2006 at: http://www.securityfocus.com/archive/1/445896/30/0/threaded and entitled "Cisco Systems IOS VTP multiple vulnerabilities". An official...