609 matches found
EUVD-2026-40166
ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...
Linux Distros Unpatched Vulnerability : CVE-2026-39199
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file. CVE-2026-39199 Note that Nessus relies on the presence of the package a...
CVE-2026-39199
snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file...
DEBIAN-CVE-2026-39199
snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file...
UBUNTU-CVE-2026-39199
snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file...
CVE-2026-39199
snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file...
CVE-2026-39199
snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file...
PT-2026-50249
Name of the Vulnerable Software and Affected Versions snes9x version 1.63 Description An out-of-bounds write occurs when loading a ROM alongside a crafted .ups patch file, which can lead to a denial of service and cause the emulator to crash. Recommendations At the moment, there is no information...
CVE-2024-58348
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary...
CVE-2024-58348 WordPress Background Image Cropper 1.2 Remote Code Execution
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary...
CVE-2026-10065
A weakness has been identified in Shibby Tomato 1.28. This vulnerability affects the function getupsfield of the file tomatodata.cgi. Executing a manipulation of the argument Date can lead to stack-based buffer overflow. It is possible to launch the attack remotely. This project is superseded by...
CVE-2025-71318
NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...
CVE-2025-71318 NetMan 204 Missing Authentication for Administrative Functions
NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...
CVE-2025-71318
CVE-2025-71318 concerns NetMan 204, where authentication is not enforced on administrative pages and command endpoints. A remote, unauthenticated attacker can directly access pages (e.g., administration.html, administration-commands.html, configuration.html) to disclose sensitive details such as ...
RIELLO UPS NetMan 信任管理问题漏洞
Riello UPS NetMan is a network adapter developed by the Italian company Riello UPS. The Riello UPS NetMan 204 has a vulnerability related to trust management. This vulnerability stems from a hardcoded backdoor account with a username and password of “eurek”. Unauthenticated remote attackers can...
CVE-2026-10066
The CVE concerns Shibby Tomato versions up to 1.28, specifically the UPS Service component. It affects the function sub_9068 in tomatoups.cgi, causing a stack-based buffer overflow that can be triggered remotely. The project is superseded by FreshTomato and targets products no longer supported by...
CVE-2026-10066
A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. This project is superseded by...
CVE-2026-10066 Shibby Tomato UPS Service tomatoups.cgi sub_9068 stack-based overflow
A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. This project is superseded by...
CVE-2026-10065 Shibby Tomato tomatodata.cgi get_ups_field stack-based overflow
A weakness has been identified in Shibby Tomato 1.28. This vulnerability affects the function getupsfield of the file tomatodata.cgi. Executing a manipulation of the argument Date can lead to stack-based buffer overflow. It is possible to launch the attack remotely. This project is superseded by...
CVE-2026-10065
A weakness has been identified in Shibby Tomato 1.28. This vulnerability affects the function getupsfield of the file tomatodata.cgi. Executing a manipulation of the argument Date can lead to stack-based buffer overflow. It is possible to launch the attack remotely. This project is superseded by...