216 matches found

RedhatCVE
added 2026/06/05 7:18 p.m. | 9 views

CVE-2026-9051

There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure. Successful exploitation requires an attacker to send...

CVSS: 9.3 | AI score: 5.6 | EPSS: 0.00036
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:10 p.m. | 6 views

CVE-2026-8620

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.00068
Exploits: 0 | References: 1

CVE
added 2026/05/26 5:19 p.m. | 53 views

CVE-2026-8633

CVE-2026-8633 affects IBM WebSphere Application Server and WebSphere Application Server Liberty when using the optional Web Server Plug-ins for WebSphere. The vulnerability allows remote code execution through a specially crafted request in the plug-ins (CWE-94). Affected products are the Web Server Plug-...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.0026
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-2359

Malware in sbrugna...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00622
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/23 9:19 a.m. | 3 views

CVE-2024-5560

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00227
Exploits: 0 | References: 1

Drupal
added 2025/05/21 12:0 a.m. | 8 views

Commerce Alphabank Redirect - Moderately critical - Access bypass - SA-CONTRIB-2025-067

This module enables you to pay for a Commerce order in an environment provided and secured by the bank. The module doesn't sufficiently verify the payment status on canceled orders. An attacker can issue a specially crafted request to update the order status to completed...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.00287
Exploits: 0 | References: 2

CNVD
added 2025/04/10 12:0 a.m. | 6 views

AC23 Denial of Service Vulnerability in Shenzhen Jixiang Tengda Technology Co.

The AC23 is a wireless router that provides high-speed wireless network connectivity. A denial of service vulnerability exists in the AC23 of Shenzhen Jixiang Tengda Technology Co. The vulnerability stems from improper handling of the getuid parameter by the /goform/VerAPIMant component. An...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.0087
Exploits: 1 | References: 1

RedhatCVE
added 2025/04/02 1:27 a.m. | 18 views

CVE-2024-54805

Netgear WNR854T 1.5.2 North America is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter getemail. After which, they can visit the sendlog.cgi endpoint which uses the parameter in a system call to achieve command execution...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.01705
Exploits: 1 | References: 1

Cvelist
added 2025/03/31 12:0 a.m. | 10 views

CVE-2024-54803

Netgear WNR854T 1.5.2 North America is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter pppoepeermac and forcing a reboot. This will result in command injection...

EPSS: 0.0364
Exploits: 1 | References: 1

BDU FSTEC
added 2025/01/29 12:0 a.m. | 1 views

The vulnerability in the web interface of TP-Link Archer A20 micro-programming software allows a hacker to execute arbitrary code.

The vulnerability of the web interface for managing TP-Link Archer A20 wireless routers involves a lack of measures taken to protect the website structure. Exploiting this vulnerability allows an attacker to execute arbitrary code, provided that the user specifically submits a specially crafted G...

CVSS: 10 | AI score: 5.8 | EPSS: 0.07767
Exploits: 0 | References: 4

BDU FSTEC
added 2025/01/27 12:0 a.m. | 2 views

Vulnerability of the UI module for business management in Bitrix24 and the 1C-Bitrix content management system: A module that allows attackers to execute arbitrary code

Vulnerability of the UI module for business management in Bitrix24 and the 1C-Bitrix website content management system: Website management involves failing to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a speciall...

CVSS: 7.5 | AI score: 6
Exploits: 0 | Affected Software: 1

Cvelist
added 2024/11/22 12:10 a.m. | 18 views

CVE-2024-31408

OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request...

CVSS: 8 | EPSS: 0.00156
Exploits: 0 | References: 5

IBM Security Bulletins
added 2024/10/29 4:33 p.m. | 23 views

Security Bulletin: IBM Master Data Management is vulnerable to denial of service through OpenSSL by a specially crafted request (CVE-2023-2650)

Summary: IBM Master Data Management v11.6, and v12.0 are vulnerable to denial of service through OpenSSL by a specially crafted request from no message size limit. OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJ_obj2txt() directly, or use any of the OpenSSL subsystems...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.91736
Exploits: 0 | Affected Software: 1

Vulnrichment
added 2024/10/29 8:11 a.m. | 20 views

CVE-2024-47401 DoS via Amplified GraphQL Response in Playbooks

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by...

CVSS: 4.3 | AI score: 7 | EPSS: 0.00182
Exploits: 0 | References: 1

Cvelist
added 2024/10/29 8:11 a.m. | 26 views

CVE-2024-47401 DoS via Amplified GraphQL Response in Playbooks

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by...

CVSS: 4.3 | EPSS: 0.00182
Exploits: 0 | References: 1

CVE
added 2024/10/29 8:11 a.m. | 260 views

CVE-2024-47401

CVE-2024-47401 affects Mattermost Playbooks in versions 9.10.x up to 9.10.2, 9.11.x up to 9.11.1, and 9.5.x up to 9.5.9. The issue arises because the product does not prevent detailed error messages from being displayed, enabling an attacker to generate a large response and trigger an amplified G...

CVSS: 7.5 | AI score: 4.3 | EPSS: 0.00182
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/10/24 7:10 a.m. | 128 views

BIT-GRAFANA-2023-5122 SSRF in CSV Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests t...

CVSS: 5.3 | AI score: 5 | EPSS: 0.00225
Exploits: 0 | References: 3

CNNVD
added 2024/10/15 12:0 a.m. | 1 views

IBM WebSphere Application Server Code Issue Vulnerability

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A code issue vulnerability exists in IBM WebSphere...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00115
Exploits: 0 | References: 2

CNNVD
added 2024/09/27 12:0 a.m. | 2 views

Advantech ADAM-5630 Access Control Error Vulnerability

The Advantech ADAM-5630 is an Edge Intelligent Data Acquisition Controller from Advantech China. The Advantech ADAM-5630 suffers from an access control error vulnerability that originates from the ability to execute built-in commands without authentication via a specially crafted request...

CVSS: 7 | AI score: 7.2 | EPSS: 0.00062
Exploits: 0 | References: 2

Hacker One
added 2024/09/21 4:5 p.m. | 3 views

MacTaggart Scott: Overwrite any file of the web server

The web server was vulnerable to file overwrite due to a vulnerable module used to generate files. An attacker could have overwritten any file on the web server, including critical system files, by sending a specially crafted request...

AI score: 7
Exploits: 0