CVE-2026-36610
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glib2 (UTSA-2026-021480)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021480 advisory. A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the...
EUVD-2026-29468
Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...
CVE-2026-42517
The CVE-2026-42517 entry affects the e-Sushrut HMIS system, where a vulnerability arises from using reversible Base64 encoding to protect sensitive data. The root cause is that sensitive parameters in the request URL are Base64-encoded rather than securely protected, allowing an authenticated att...
PT-2026-35889
Name of the Vulnerable Software and Affected Versions: e-Sushrut, affected versions not specified. Description: e-Sushrut uses reversible Base64 encoding to protect sensitive data. An authenticated attacker can decode and manipulate Base64-encoded parameters in the request URL to gain unauthorized...
CDAC e-Sushrut Security Vulnerability
CDAC e-Sushrut is a system platform provided by the Indian CDAC company that handles hospital information management and medical process support. There is a security vulnerability in CDAC e-Sushrut. This vulnerability stems from the use of reversible Base64 encoding to protect sensitive data. It...
Linux Distros Unpatched Vulnerability : CVE-2026-6019
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - http.cookies.Morsel.jsoutput returns an inline snippet and only escapes for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence...
BIT-DJANGO-2026-33033 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...
EUVD-2026-21545
When calling base64.b64decode or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use...
PYSEC-2026-48
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...
CVE-2026-31381 Gainsight Assist plugin information disclosure
An attacker can extract user email addresses PII exposed in base64 encoding via the state parameter in the OAuth callback URL...
SUSE-SU-2026:20221-1 Security update for glib2
This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing bsc1257354. - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64...
CVE-2026-22543
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...
CVE-2026-22543
CVE-2026-22543 affects devices whose web server accepts credentials in Base64 in HTTP headers. The base64 credential transmission is not encryption, enabling an attacker who can observe the login request to obtain credentials. Connected sources (including Red Hat, CIRCL sighting, NVD, CNNVD, and ...
CVE-2025-54322
Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used...
EUVD-2025-34619
Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts...
CVE-2025-56748
Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts...
PT-2025-40853
Name of the Vulnerable Software and Affected Versions: The Ultimate Addons for Elementor (formerly Elementor Header & Footer Builder), versions prior to 2.5.0. Description: The software does not properly sanitize SVG file contents when uploaded. This occurs when using the xmlrpc.php endpoint with base6...
PT-2024-9093 · Zabbix +4
Name of the Vulnerable Software and Affected Versions: Zabbix affected versions not specified Description: The issue is related to a buffer overflow in the str base64 encode rfc2047 function of the Zabbix server, which is part of a universal monitoring system. This can be exploited by a remote...
PT-2022-5767 · Fortinet · Forticlient +2
Name of the Vulnerable Software and Affected Versions: FortiClient, FortiMail, and FortiOS AV engines versions 6.2.168 and below; FortiClient, FortiMail, and FortiOS AV engines versions 6.4.274 and below. Description: The issue is related to insufficient verification of data authenticity, which may...