32 matches found
EUVD-2026-13796
Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the...
CVE-2026-33054
Mesop is a Python-based UI framework that allows users to build web applications. Versions 1.2.2 and below contain a Path Traversal vulnerability that allows any user supplying an untrusted statetoken through the UI stream payload to arbitrarily target files on the disk under the standard...
Security update for glibc
This update for glibc fixes the following issues: CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr bsc1256822, BZ 33802 CVE-2025-15281: posix: Reset wordexpt fields with WRDEREUSE bsc1257005, BZ 33814 CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp bsc1246965,...
CVE-2024-38970
vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function...
CVE-2024-48176
Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of login attempts, and the verification code will not be refreshed after a failed login, which allows attackers to blast the username and password and log into the system backend...
CVE-2024-48176
Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of login attempts, and the verification code will not be refreshed after a failed login, which allows attackers to blast the username and password and log into the system backend...
CVE-2024-48176
Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of login attempts, and the verification code will not be refreshed after a failed login, which allows attackers to blast the username and password and log into the system backend...
CVE-2024-48176
CVE-2024-48176 affects Lylme Spage v1.9.5 and is due to Incorrect Access Control. The vulnerability allows unlimited login attempts and failure-logged-in verification code is not refreshed, enabling brute-force-style credential guessing to access the system backend. CVSS v3.1 base score 9.8 (CRIT...
CVE-2024-38970
vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function...
CVE-2024-38970
vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function...
CVE-2024-38971
vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting XSS in the system backend...
CVE-2024-38970
The CVE-2024-38970 entries describe a vulnerability in vaeThink 1.0.2 where information disclosure can occur through the system backend, specifically via the access management administrator function. Available sources consistently identify the affected software (vaeThink 1.0.2) and the impact as ...
CVE-2024-38970
vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function...
CVE-2024-38971
CVE-2024-38971 affects vaeThink 1.0.2 and is a stored XSS vulnerability in the system backend. Multiple sources (Red Hat, NVD, OSV, CNNVD, CVE lists) confirm the issue; exploitation details are not provided in the documents. Some connected sources (PT-Security) advise temporarily disabling the ba...
CVE-2024-38970
vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function...
CVE-2024-38971
vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting XSS in the system backend...
Weak Password Vulnerability in Belkin's EA6500
The EA6500 is a router product from Belkin. A weak password vulnerability exists in the Belkin EA6500, which can be exploited by an attacker to log into the system backend and perform unauthorized operations...
Weak Password Vulnerability in TP-LINK Archer-C7 Router
P&T Technologies Ltd. is a leading global provider of network communication equipment. A weak password vulnerability exists in the Archer-C7 router, which can be exploited by an attacker to log into the system backend and perform unauthorized operations...
Weak password vulnerability in TP-LINK TL-WR743ND router
P&T Technologies Ltd. is a leading global provider of network communication equipment. A weak password vulnerability exists in the TL-WR743ND router, which can be exploited by an attacker to log into the system backend and perform unauthorized operations...
Weak password vulnerability in TP-LINK TL-WA801ND router
P&T Technologies Ltd. is a leading global provider of network communication equipment. A weak password vulnerability exists in the TL-WA801ND router, which can be exploited by an attacker to log into the system backend and perform unauthorized operations...