31 matches found
CVE-2026-11523
A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. Th...
CVE-2026-36799
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the portalAuth parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request...
Tenda W15E security vulnerability
The Tenda W15E is a wireless router produced by the Chinese company Tenda. Version 15.11.0.10 of the Tenda W15E contains a security vulnerability. This vulnerability stems from a buffer overflow in the gotoUrl parameter of the formPortalAuth function, which could allow attackers to cause...
EUVD-2026-35080
A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. Th...
CVE-2026-11523
The vulnerability CVE-2026-11523 affects Tenda W20E firmware version 15.11.0.6, in the Web Management Interface function formPortalAuth (file /goform/PortalAuth). Manipulating the argument gotoUrl can trigger a stack-based buffer overflow. Exploitation can be performed remotely, and a public expl...
PT-2026-47308
A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. Th...
CVE-2026-3943 H3C ACG1000-AK230 aaa_portal_auth_local_submit command injection
A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public and could be used...
PT-2026-24667
🚨 CVE-2026-3943 A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argument suffix results in command injection. The attack can be launched remotely. The exploit has been made public...
TP-Link Omada gateways security vulnerability
TP-Link Omada gateways is a security gateway from China P&L TP-Link. A security vulnerability exists in TP-Link Omada gateways, which stems from a possible command injection attack on administrators after Web portal authentication...
EUVD-2022-28513
Malicious code in bioql PyPI...
EUVD-2024-54121
Malicious code in bioql PyPI...
CVE-2025-4581
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a pre-authentication blind SSRF vulnerability in the...
CVE-2021-37172
A vulnerability has been identified in SIMATIC S7-1200 CPU family incl. SIPLUS variants V4.5.0. Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication an...
CVE-2025-23194
SAP NetWeaver Enterprise Portal OBN does not perform a proper authentication check for a particular configuration setting. As a result, a non-authenticated user can set it to an undesired value, causing low impact on integrity. There is no impact on confidentiality or availability of the application...
CVE-2024-8000
On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. Note: supplicants with pending...
CVE-2024-8000
CVE-2024-8000 affects Arista EOS platforms with 802.1X enabled. When a multi-line dynamic ACL is received from the external AAA server, an ASU restart may install only the first line of the ACL, potentially impacting supplicants with captive portal during ASU. Affected EOS trains include 4.32.x, ...
CVE-2024-7584
A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.34687. Affected is the function formApPortalPhoneAuth of the file /goform/apPortalPhoneAuth. The manipulation of the argument data leads to buffer overflow. It is possible to launch the attack remotely. The exploit ha...
Tenda i22 security vulnerability
The Tenda i22 is a dual-band ceiling-mounted wireless access point from Tenda. A stack overflow vulnerability exists in the Tenda i22 function formApPortalWebAuth, which handles /goform/apPortalAuth. A remote attacker can exploit it by submitting a special request that can crash the application or can be used to...