CVE-2026-5526

CVE-2026-5526 affects Tenda 4G03 Pro devices (firmware up to 1.0/1.1/04.03.01.53/192.168.0.1). The vulnerability targets an unknown functionality of the /bin/httpd binary, causing improper access controls. Reported as exploitable remotely, with public exploit code available. Multiple connected so...

CVE-2025-59106

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands...

CVE-2025-59106

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands...

CVE-2025-59106

CVE-2025-59106 concerns the binary that serves the web server for the dormakaba access manager Web UI, which runs with root privileges. The underlying issue is least-privilege violation due to the Web UI binary executing actions with highest privileges, enabling direct command execution at root i...

EUVD-2025-206378

The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands...

CVE-2021-47806

Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Dup Scout Server\bin\dupscts.exe' to inject malicious executables...

CVE-2025-15255

A vulnerability was determined in Tenda W6-S 1.0.0.4510. This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has...

Improper Validation of Specified Quantity in Input

Overview nvidia-pytriton is a PyTriton - Flask/FastAPI-like interface to simplify Triton's deployment in Python environments. Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input n the EVBufferToJson function in the HTTP server component. An...

Improper Check for Unusual or Exceptional Conditions

Overview nvidia-pytriton is a PyTriton - Flask/FastAPI-like interface to simplify Triton's deployment in Python environments. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the HTTPAPIServer::GetContentLength function in the HTTP server...

Double Free

Overview nvidia-pytriton is a PyTriton - Flask/FastAPI-like interface to simplify Triton's deployment in Python environments. Affected versions of this package are vulnerable to Double Free via the cancellation handling for gRPC non-decoupled inference. An attacker can cause a double free by...

Integer Overflow or Wraparound

Overview nvidia-pytriton is a PyTriton - Flask/FastAPI-like interface to simplify Triton's deployment in Python environments. Affected versions of this package are vulnerable to Integer Overflow or Wraparound via element count handling. An attacker could cause a denial of service and data tamperi...

Uncontrolled Recursion

Overview nvidia-pytriton is a PyTriton - Flask/FastAPI-like interface to simplify Triton's deployment in Python environments. Affected versions of this package are vulnerable to Uncontrolled Recursion via the ReadDataFromJsonHelper and JsonBytesArrayByteSize functions. An attacker can cause a...

CVE-2022-36306

An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still...

CVE-2025-3693

A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public an...

Tenda W12 安全漏洞

The Tenda W12 is a wireless router that provides wireless network connectivity. A buffer overflow vulnerability exists in Tenda W12 version 3.0.0.5, which originates from the cgiWifiRadioSet function in the /bin/httpd file that fails to properly validate input data when processing a specific...

Linux Distros Unpatched Vulnerability : CVE-2022-23853

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The LSP Language Server Protocol plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening ...

CVE-2024-36832

A NULL pointer dereference in D-Link DAP-1513 REVAFIRMWARE1.01 allows attackers to cause a Denial of Service DoS via a crafted web request without authentication. The vulnerability occurs in the /bin/webs binary of the firmware. When /bin/webs receives a carefully constructed HTTP request, it wil...

NewStart CGSL MAIN 6.06 : dhcp Vulnerability (NS-SA-2023-0091)

The remote NewStart CGSL host, running version MAIN 6.06, has dhcp packages installed that are affected by a vulnerability: - In ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16, ISC DHCP 4.4.0 - 4.4.2 Other branches of ISC DHCP i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series are...

Tenda AC23 Out-of-Bounds Write Vulnerability

Tenda AC23 is a home dual-band wireless router launched by Tenda, focusing on large home coverage and high-speed transmission, supporting 802.11acWave2 technology, dual-band concurrent rate up to 2033Mbps. Tenda AC23 suffers from an out-of-bounds write vulnerability, which originates from the...

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (sound4server) Hardcoded Credentials

Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...