3866 matches found
CVE-2026-2054
A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the publi...
EUVD-2026-5663
A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the publi...
PT-2026-6721
Name of the Vulnerable Software and Affected Versions D-Link DIR-605L version 2.06B01 D-Link DIR-619L version 2.06B01 D-Link DIR-605L version 2.13B01 D-Link DIR-619L version 2.13B01 Description A security issue exists in D-Link DIR-605L and DIR-619L. The issue resides in an unknown function withi...
D-Link DIR-605L 访问控制错误漏洞
The D-Link DIR-605L is a wireless router produced by D-Link Corporation. The D-Link DIR-605L versions 2.06B01/2.13B01 and DIR-619L versions 2.06B01/2.13B01 have a vulnerability related to access control. This vulnerability stems from incorrect operations on the Wifi Setting Handler component, whi...
CVE-2025-68643
Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...
CVE-2020-37132
CVE-2020-37132 affects UltraVNC Launcher 1.2.4.0. The vulnerability is a denial-of-service condition in the password configuration properties: a local attacker can crash the launcher by entering an overly long 300-character string as a password. The issue is described in multiple connected source...
CVE-2025-68643
Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...
EPSON WF-2861 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2018-18959)
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then the device no longe...
CVE-2026-1622
Neo4j Enterprise and Community editions prior to 2026.01.3 and 5.26.21 are affected by CVE-2026-1622. The vulnerability stems from the obfuscate_literals setting in query logs failing to redact error information, allowing a user with access to local log files to view unredacted data when queries ...
Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox
Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative artificial intelligence GenAI features. "It provides a single place to block current and future generative AI features in Firefox," Ajit Varma, head of...
BIT-DISCOURSE-2026-21865 Discourse topic conversion permission vulnerability for moderators
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can convert some personal messages to public topics when they shouldn't have access. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a...
Innomic VibroLine Series 访问控制错误漏洞
The Innomic VibroLine Series is a professional vibration measurement and analysis system developed by the German company Innomic. The Innomic VibroLine Series has a access control vulnerability, where unverified remote attackers can obtain full access to affected devices. This occurs because thes...
CVE-2026-1638
A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results in command injection. The attack can be executed remotely. The exploit has been released to...
CVE-2026-24742
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...
CVE-2026-24742
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...
CVE-2026-24742 Discourse staff action logs expose sensitive information to moderators
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...
EUVD-2026-4869
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...
CVE-2026-24742 Discourse staff action logs expose sensitive information to moderators
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...
CVE-2025-68933 Discourse non-admin moderators can exfiltrate private content via post ownership transfer
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators with the moderatorschangepostownership setting enabled can change ownership of posts in private messages and restricted categories they cannot access, then export...
CVE-2025-68933
CVE-2025-68933 (Discourse) is a broken access control vulnerability affecting Discourse versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Non-admin moderators with the moderators_change_post_ownership setting enabled can change ownership of posts in private messages and restricted cate...