98 matches found
CVE-2023-24215
Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...
PT-2026-41704
Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...
CVE-2023-24215
CVE-2023-24215 concerns the NOVUS AirGate 4G firmware v1.1.16, where an incorrect access control on the /uci/get/ endpoint allows unauthenticated attackers to obtain administrator credentials via a crafted POST request. The CVSS3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) yields a base score ...
NOVUS Automation AirGate 4G firmware Security Vulnerability
NOVUS Automation AirGate 4G firmware is an industrial IoT gateway firmware system developed by NOVUS Automation in Brazil. Version 1.1.16 of NOVUS Automation AirGate 4G firmware contains a security vulnerability. This vulnerability stems from improper endpoint access control in the /uci/get/...
CVE-2025-70329
TOTOLink X5000R v9.1.0cu2415B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 and other vlanVidLanX parameters are retrieved via UciGetStr and passed to the CsteSystem function without adequate validation or...
EUVD-2015-8826
Malware in sbrugna...
EUVD-2025-5784
Malicious code in bioql PyPI...
D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23368)
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability, which originates from the incorrect operation of the function uci_del on the parameter delvalue in the file /goform/delete_prohibiting, which can be exploited by an...
CVE-2025-11100 D-Link DIR-823X set_wifi_blacklists uci_set command injection
A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uci_set of the file /goform/set_wifi_blacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used...
CVE-2025-11100
CVE-2025-11100 affects D-Link DIR-823X (firmware 250416). The uci_set function in /goform/set_wifi_blacklists is vulnerable to remote command injection; exploitation can occur over the network and a public exploit exists. Several sources (NVD, Red Hat, CNVD, CVE lists) confirm remote exploitation...
CVE-2025-11099
A vulnerability was determined in D-Link DIR-823X 250416. The impacted element is the function uci_del of the file /goform/delete_prohibiting. This manipulation of the argument delvalue causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed...
CVE-2025-11099
CVE-2025-11099 affects D-Link DIR-823X (firmware 250416). The vulnerability resides in the uci_del function of /goform/delete_prohibiting, where tampering with the delvalue parameter enables remote command injection. Exploitation can be performed remotely, and a public exploit has been disclosed....
CVE-2025-11099 D-Link DIR-823X delete_prohibiting uci_del command injection
A vulnerability was determined in D-Link DIR-823X 250416. The impacted element is the function uci_del of the file /goform/delete_prohibiting. This manipulation of the argument delvalue causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed...
Linux Distros Unpatched Vulnerability : CVE-2015-8972
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess aka gnuchess before 6.2.4 might allow context-dependent attackers to...
Human-Centered Interactive Anonymization for Privacy-Preserving Machine Learning: a Case for Human-Guided K-Anonymity
Privacy-preserving machine learning (ML) seeks to balance data utility and privacy, especially as regulations like the GDPR mandate the anonymization of personal data for ML applications. Conventional anonymization approaches often reduce data utility due to indiscriminate generalization or...
CVE-2024-45167
An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution...
CVE-2024-45165
An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is sent between client and server with encryption. However, the key is derived from the string "c2007 UCI Software GmbH B.Boll" without quotes. The key is both static and hardcoded. With access to messages, this results...