63 matches found
EUVD-2026-42645
A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted SETUP request. The RTSP service's second-stage URL routing parser fails to validate the length of the URL fiel...
EUVD-2026-41432
AutoBangumi before 3.2.8 contains a server-side request forgery SSRF vulnerability that allows unauthenticated remote attackers to probe internal network services by supplying arbitrary host values to an unprotected setup endpoint. Attackers can send requests to the POST...
EUVD-2026-33468
A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack can be...
CVE-2026-45344
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...
PT-2026-44544
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities stemmed from bypassing plugin trust mechanisms, allowing attackers to circumvent the expected trust levels when...
CVE-2026-41459
CVE-2026-41459 (Xerte Online Toolkits) affects versions 3.15 and earlier. An information disclosure vulnerability allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root by requesting the /setup page, where the exposed root_path value is rendered ...
EUVD-2026-19835
ChurchCRM is an open-source church management system. Prior to 7.1.0, critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...
CVE-2026-39337
ChurchCRM CVE-2026-39337 describes a pre-authentication remote code execution in the setup wizard (before/around initial installation) that allows unauthenticated code injection due to unsanitized $dbPassword. This is a remediation of an incomplete fix for CVE-2025-62521 and is fixed in version 7...
CVE-2026-4477
A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.120171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack can only be done within the local network. This attack is...
CVE-2026-3037
The CVE-2026-3037 entry concerns XWEB Pro, affected through version 1.12.1 and earlier. The connected documents confirm an OS command injection vulnerability that allows an authenticated attacker to achieve remote code execution by injecting malicious input into the MBird SMS service URL and/or c...
PT-2026-6836
Name of the Vulnerable Software and Affected Versions 3DP-MANAGER versions 2.0.1 and prior Description 3DP-MANAGER, an inbound generator for 3x-ui, automatically creates an administrative account with default credentials admin/admin upon initial setup. An attacker with network access to the...
PT-2025-51867
Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 5.21.0 Description ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution issue exists in the setup wizard. Unauthenticated attackers can inject...
CVE-2025-11084
A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the users password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period...
CVE-2025-11084
A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the users password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period...
CVE-2025-11084
CVE-2025-11084 affects Rockwell Automation’s DataMosaix Private Cloud. The issue allows bypassing MFA during initial setup and obtaining a valid login-token cookie without a user password when MFA is enabled but not completed within 7 days. This can lead to account takeover and credential exposur...
CVE-2025-11295 Belkin F9K1015 formPPPoESetup buffer overflow
A flaw has been found in Belkin F9K1015 1.00.10. This affects an unknown part of the file /goform/formPPPoESetup. This manipulation of the argument pppUserName causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was...
EUVD-2025-25257
Malicious code in bioql PyPI...
EUVD-2021-30181
Malicious code in bioql PyPI...
EUVD-2024-40726
Malicious code in bioql PyPI...