CVE-2026-55677
Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...
CVE-2026-33244
A flaw was found in react-router. When using Framework Mode with pre-rendering enabled, an attacker can exploit improper handling of the HTTP Location header value. This can lead to Cross-Site Scripting (XSS), allowing malicious scripts to be injected into statically generated HTML files if the...
CVE-2026-45632
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, update, run, or delete schedules belonging to other organizations if they know the scheduleId/serverId...
EUVD-2026-33510
A flaw has been found in Tenda W12 3.0.0.74763. This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...
PT-2026-44936
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, update, run, or delete schedules belonging to other organizations if they know the scheduleId/serverId...
PT-2026-36685
A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit ha...
PT-2026-25785
A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route set user policy rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. It is possible to launch the attack...
CVE-2026-3809
A flaw has been found in Tenda FH1202 1.2.0.14408. The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...
EUVD-2025-31076
Malicious code in bioql PyPI...
EUVD-2021-7608
Malicious code in bioql PyPI...
EUVD-2025-31144
Malicious code in bioql PyPI...
KuWFi CPF908-CP5 Security Vulnerability
KuWFi CPF908-CP5 is a WiFi router from KuWFi China. A security vulnerability exists in the KuWFi CPF908-CP5 WEB5.0LCD20210125 version, which stems from an unauthenticated access control vulnerability that could lead to the disclosure of sensitive information, modification of device settings, and...
The vulnerability of the recvUpgradeNewFw() function in TOTOLINK CA600-PoE router’s software allows a hacker to execute arbitrary commands.
The vulnerability of the recvUpgradeNewFw function in the TOTOLINK CA600-PoE router firmware is related to the lack of measures taken to clean data at the management level when processing the fwUrl parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the NTPSyncWithHost() function in TOTOLINK CA600-PoE router’s software allows a hacker to execute arbitrary code.
The vulnerability of the NTPSyncWithHost function in the TOTOLINK CA600-PoE router firmware is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
D-Link DIR-880L Security Vulnerability
The D-Link DIR-880L is a dual-band Gigabit wireless router from China's AUO D-Link. The D-Link DIR-880L suffers from a command injection vulnerability, which arises from the failure of the file /htdocs/ssdpcgi in the component Request Header Handler to correctly filter the constructed command...
H3C GR-3000AX Security Vulnerability
The H3C GR-3000AX is an enterprise-grade Wi-Fi 6 wireless router from China's Xinhua San H3C. A security vulnerability exists in H3C GR-3000AX V100R006 and prior versions, which originates from a buffer overflow due to improper handling of the parameter param in multiple functions in...
Tenda FH1202 Access Control Error Vulnerability (CNVD-2025-08907)
The Tenda FH1202 is a wireless router from Tenda China. The Tenda FH1202 is vulnerable to an access control error vulnerability that stems from improper access control. No detailed vulnerability details are available at this time...
TP-LINK WR845N Security Vulnerability
The TP-LINK WR845N is a wireless router from China P&L TP-LINK. A security vulnerability exists in the TP-LINK WR845N version V4200909 and version V4190219, which originates from transmitting user credentials in plain text after performing a restore of factory settings...
The vulnerability in the wizpppoe.cgi script of the firmware for Netgear XR300, R7000P, and R6400 v2 allows a hacker to cause a service failure.
The vulnerability in the wizpppoe.cgi script of the firmware for Netgear XR300, R7000P, and R6400 v2 lies in the copying of buffers without checking the size of input data during the processing of the pppoelocalip parameter. Exploiting this vulnerability allows a malicious actor to cause servic...
The vulnerability in the geniepppoe.cgi script of the software for Netgear router models R7000P and R6400 v2 allows a hacker to cause a service failure.
The vulnerability in the geniepppoe.cgi script of the firmware for Netgear XR300, R7000P, and R6400 v2 lies in the copying of buffers without checking the size of input data during the processing of the pppoelocalip parameter. Exploiting this vulnerability allows a malicious actor to cause...