CVE-2026-8689

The CVE concerns the Visualizer: Tables and Charts Manager for WordPress plugin (WordPress) with versions up to 3.11.14. Root cause: missing capability checks on renderChartPages() and uploadData(), enabling certain AJAX actions (wp_ajax_visualizer-create-chart, wp_ajax_visualizer-edit-chart, and...

AI-Accelerated Brute Force Cryptanalysis

Modern cryptography is hinged on "not learning from mistakes": trying numerous wrong keys, should not help one identify the right key. Indeed, it worked -- until recently when the surprising power of AI to see pattern in apparent randomness has turned the 'wrong plaintexts' generated by the 'wron...

CVE-2026-22320

A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...

CVE-2026-22320 Stack-Based Buffer Overflow in TFTP File-Transfer Command Handling over CLI

A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...

CVE-2026-22316

A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack...

CVE-2026-28777

International Datacasting Corporation IDC SFX2100 Satellite Receiver, trivial password for the user usr account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH access to the system, while intially dropped into a restricted shell, an attacker can trivially spawn a...

EUVD-2026-9372

International Datacasting Corporation IDC SFX2100 Satellite Receiver, trivial password for the user usr account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH access to the system, while intially dropped into a restricted shell, an attacker can trivially spawn a...

CVE-2026-28777

International Datacasting Corporation IDC SFX2100 Satellite Receiver, trivial password for the user usr account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH access to the system, while intially dropped into a restricted shell, an attacker can trivially spawn a...

CVE-2026-28777

International Datacasting Corporation IDC SFX2100 Satellite Receiver, trivial password for the user usr account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH access to the system, while intially dropped into a restricted shell, an attacker can trivially spawn a...

PT-2026-22879

Name of the Vulnerable Software and Affected Versions International Datacasting Corporation IDC SFX2100 Satellite Receiver affected versions not specified Description The SFX2100 Satellite Receiver has a default, easily guessable password for the user usr account. An unauthenticated remote attack...

CVE-2026-21620 TFTP Path Traversal

Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...

Open TFTP Server MultiThreaded 安全漏洞

Open TFTP Server MultiThreaded is a TFTP protocol file transfer tool developed by achaldhir as an individual developer. Version 1.7 of Open TFTP Server MultiThreaded contains a security vulnerability. This vulnerability stems from a heap buffer overflow in the processRequest function, which may...

PT-2026-7890

Name of the Vulnerable Software and Affected Versions Open TFTP Server MultiThreaded version 1.7 Description A heap buffer overflow exists in the processRequest function of Open TFTP Server MultiThreaded. This issue can be triggered by sending a crafted DATA packet, potentially leading to a Denia...

CVE-2026-25519

OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...

CVE-2026-25519 OpenSlides has incorrect access control vulnerability in authentication service

OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...

CVE-2026-25519

OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...

curl: Integer-underflow leads to heap over-read in TFTP implementation

libcurl on commit 3ee1d3b573e6ea36fb478dbd0d9913483b900928 contains a vulnerability in its TFTP implementation that can cause curl or a libcurl-user to send heap memory beyond the bounds of an allocated chunk to a malicious TFTP server. The vulnerability lies in lib/tftp.c, in function...

CVE-2021-31885

A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and...

TFTP Fetch, Linux Execute Command

Fetch and execute an RISC-V 32-bit payload from a TFTP server. Execute an arbitrary command Module Options msf use payload/cmd/linux/tftp/riscv32le/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec ru...

TFTP Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an RISC-V 64-bit payload from a TFTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/tftp/riscv64le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show...