93 matches found
CVE-2026-31150
Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources...
EUVD-2026-19269
Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources...
CVE-2026-31150
Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources...
CVE-2026-31150
Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources...
Kaleris Yard Management Solutions security vulnerability
Kaleris Yard Management Solutions is a management system developed by the American company Kaleris, designed to optimize the scheduling of station vehicles and logistics operations. Version 7.2.2.1 of Kaleris Yard Management Solutions contains a security vulnerability. This vulnerability stems fr...
CVE-2026-31150
CVE-2026-31150 affects Kaleris YMS v7.2.2.1 and is due to incorrect access control that allows authenticated users with only the shipping/receiving role to view the truck dashboard resources. The issue is documented with a PoC/exploitation flag in the metrics, indicating practical exploitability ...
CVE-2026-31150
Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources...
PT-2026-30611
Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources...
CVE-2025-15230
A vulnerability was found in Tenda M3 1.0.0.134903. Affected by this issue is the function formSetVlanPolicy of the file /goform/setVlanPolicyData. Performing a manipulation of the argument qvlantruckport results in heap-based buffer overflow. Remote exploitation of the attack is possible. The...
CVE-2025-15230
A vulnerability was found in Tenda M3 1.0.0.134903. Affected by this issue is the function formSetVlanPolicy of the file /goform/setVlanPolicyData. Performing a manipulation of the argument qvlantruckport results in heap-based buffer overflow. Remote exploitation of the attack is possible. The...
EUVD-2025-205692
A vulnerability was found in Tenda M3 1.0.0.134903. Affected by this issue is the function formSetVlanPolicy of the file /goform/setVlanPolicyData. Performing manipulation of the argument qvlantruckport results in heap-based buffer overflow. Remote exploitation of the attack is possible. The...
CVE-2025-15230 Tenda M3 setVlanPolicyData formSetVlanPolicy heap-based overflow
A vulnerability was found in Tenda M3 1.0.0.134903. Affected by this issue is the function formSetVlanPolicy of the file /goform/setVlanPolicyData. Performing a manipulation of the argument qvlantruckport results in heap-based buffer overflow. Remote exploitation of the attack is possible. The...
EUVD-2010-4325
Malware in sbrugna...
meyertruckcenter.com Cross Site Scripting vulnerability OBB-3926583
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
truckpartsphoenix.com Cross Site Scripting vulnerability OBB-3669603
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Daimler Truck: Default credential to login at site management panel
Summary: Hi Team, During recon on Shodan I came across an IP pointing towards lre.daimlertruck.com. Here is the Shodan link: https://www.shodan.io/host/20.219.79.49 On port 8443, there was a login panel at https://20.219.79.49:8443/Site/ and using default credential admin admin I was able to login...
Daimler Truck: Server-based source code disclosures
URL: https://www.bharatbenz.com/TEST.PHP CWE: CWE-538 CVSS: 7.5-CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N One or more pages disclosing source code were found. This check is using pattern matching to determine if server side tags are found in the file. In some cases this alert may generate fals...
Daimler Truck: Time-based SQL Injection
CWE: CWE-89 CVSS: 9.1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N URL: www.bharatbenz.com//dealer/0'XORifnow=sysdate,sleep20,0XOR'Z SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements that control a web application's database server. Impact ...
Daimler Truck: CSRF + XSS REFLECT
Hello Daimler Truck Team! I found a reflected XSS at https://www.truck-privilege.daimlertruck.com/auth/lostLogin To make it reflected, CSRF - Cross-Site request Forgery was used together. An attacker can create a malicious website and trick the user into opening it, when the user opens it, he is...
SUSE CVE-2007-4938
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry...