CVE-2026-23819 Error in SSID Processing allows Stored XSS in Web Management Interface

A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to...

CVE-2026-23819

CVE-2026-23819 affects Access Points running AOS-10 and AOS-8 Instant, targeting the web-based management interface. The vulnerability arises from SSID processing in the web UI, enabling an unauthenticated remote attacker to inject and execute arbitrary JavaScript in a victim’s browser within the...

CVE-2026-31780

A flaw was found in the Linux kernel's wilc1000 Wi-Fi driver. An integer overflow vulnerability exists in the calculation of the SSID scan buffer size. This can lead to a heap buffer overflow when processing multiple Service Set Identifiers SSIDs, potentially allowing a local attacker to cause a...

EUVD-2013-1287

Malware in sbrugna...

CVE-2025-2341

CVE-2025-2341 affects IROAD Dash Cam X5 (up to 20250203). The issue involves processing of a component SSID that can be manipulated to use default credentials. Exploitation requires local-network access with high attack complexity; the exploit has been disclosed publicly. Multiple sources (NVD, R...

CVE-2018-16333

An issue was discovered on Tenda AC7 V15.03.06.44CN, AC9 V15.03.05.196318CN, AC10 V15.03.06.23CN, AC15 V15.03.05.19CN, and AC18 V15.03.05.196318CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is...

JVN#71088919: applican vulnerable to script injection

applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in processing SSID. Impact When an application built using applican processes a specially crafted SSID, an arbitrary scri...