CVE-2026-31166
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi...
EUVD-2025-27412
Malicious code in bioql PyPI...
Tenda W30E UploadCfg Function Buffer Overflow Vulnerability
Tenda W30E is an enterprise-grade wireless router from Tenda Technology designed for SOHO, small and micro businesses and small stores. The Tenda W30E suffers from a buffer overflow vulnerability, which originates from the failure of the v17 parameter in the UploadCfg function to properly validat...
CVE-2025-57085
Tenda W30E V16.01.0.19 5037 was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...
CVE-2022-45147
A vulnerability has been identified in SIMATIC PCS neo V4.0 All versions, SIMATIC STEP 7 V16 All versions, SIMATIC STEP 7 V17 All versions, SIMATIC STEP 7 V18 All versions V18 Update 2. Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable...
CVE-2024-53564
A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded valid FreePBX module files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what high-privilege administrators are...
CVE-2024-24331
CVE-2024-24331 affects TOTOLINK A3300R, specifically version 17.0.0cu.557_B20221024, where a command-injection flaw exists in the setWiFiScheduleCfg function via the enable parameter. The issue is rated with high impact (CVSS v3.1: CRITICAL, 9.8) across confidentiality, integrity, and availabilit...
CVE-2023-46284
A vulnerability has been identified in Opcenter Execution Foundation All versions V2407, Opcenter Quality All versions V2312, SIMATIC PCS neo All versions V4.1, SINEC NMS All versions V2.0 SP1, Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation Portal...
PT-2023-7778 · Siemens · Opcenter Quality +4
Name of the Vulnerable Software and Affected Versions: Opcenter Execution Foundation versions prior to V2407; Opcenter Quality versions prior to V2312; SIMATIC PCS neo versions prior to V4.1; SINEC NMS versions prior to V2.0 SP1; Totally Integrated Automation Portal (TIA Portal) V14; Totally Integrated...
PT-2023-7780 · Siemens · Opcenter Quality +4
Name of the Vulnerable Software and Affected Versions: Opcenter Execution Foundation versions prior to V2407; Opcenter Quality versions prior to V2312; SIMATIC PCS neo versions prior to V4.1; SINEC NMS versions prior to V2.0 SP1; Totally Integrated Automation Portal (TIA Portal) V14; Totally Integrated...
Format string
The Baxter Spectrum WBM v16, v16D38 and Baxter Spectrum WBM v17, v17D19, v20D29 to v20D32 when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information...
Baxter Spectrum Format String Error Vulnerability
Baxter Spectrum is an infusion pump from Baxter USA. A format string error vulnerability exists in the Baxter Sigma and Baxter Spectrum Infusion Pumps that stems from its susceptibility to a format string attack delivered via an application message resulting in an attacker being able to use it to...
MAL-2022-2523 Malicious code in discordjs-selfbot-v17 (npm)
Source: ghsa-malware (6771fcbd58fced1845cbd27f104f62bddbb843df7d63d2d3af7e28cd5be0df63). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-40363
A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions, SIMATIC PCS 7 V9.1 All versions V9.1 SP1, SIMATIC WinCC V15 and earlier All versions V15 SP1 Update 7, SIMATIC WinCC V16 All versions V16 Update 5, SIMATIC WinCC V17 All versions V17 Update 2,...
January 10th 2022 Security Releases
(Update 10-Jan-2022) Security releases available. Updates are now available for the v17.x, v16.x, v14.x, and v12.x Node.js release lines for the following issues. Improper handling of URI Subject Alternative Names (Medium) (CVE-2021-44531). Accepting arbitrary Subject...
CVE-2021-32460
CVE-2021-32460 affects Trend Micro Maximum Security 2021 (v17). The vulnerability is an improper access control flaw in the installer/console that grants local attackers with existing user access the ability to escalate privileges (up to SYSTEM). The issue arises from incorrect permissions on sen...
Announcing the BlueHat v17 Schedule
September is here! The dash from the close of the call for papers to now has been amazing. We had nearly two hundred submissions spanning the gamut of security topics and presenters. The result is a solid schedule that will challenge and educate all attendees. On behalf of the content advisory...