677 matches found
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-1366)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : tcpbpf: Call skmsgfree when tcpbpfsendverdict fails to allocate psock-cork.CVE-2025-39913 md: fix rcu protection in mdwakeupthreadCVE-2025-68374...
CVE-2026-2671
A vulnerability was detected in Mendi Neurofeedback Headset V4. Affected by this vulnerability is an unknown functionality of the component Bluetooth Low Energy Handler. Performing a manipulation results in cleartext transmission of sensitive information. The attack can only be performed from the...
CVE-2026-2671 Mendi Neurofeedback Headset Bluetooth Low Energy cleartext transmission
A vulnerability was detected in Mendi Neurofeedback Headset V4. Affected by this vulnerability is an unknown functionality of the component Bluetooth Low Energy Handler. Performing a manipulation results in cleartext transmission of sensitive information. The attack can only be performed from the...
CVE-2019-25492
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database...
CVE-2019-25493
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...
CVE-2019-25494
Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the...
CVE-2019-25492
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database...
CVE-2019-25491
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to the admin/cmsgetpagetitle.php endpoint with malicious catid values to extract sensitive...
CVE-2019-25490
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive...
CVE-2019-25493
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...
CVE-2019-25494 Homey BNB V4 SQL Injection Authentication Bypass via Admin Panel
Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the...
CVE-2019-25494
Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the...
CVE-2019-25494
CVE-2019-25494 affects Homey BNB V4 and involves an SQL injection vulnerability in the administration panel login. Unauthenticated attackers can bypass authentication by injecting SQL into the username and password fields, potentially gaining unauthorized admin access. Public references indicate ...
CVE-2019-25490
Homey BNB V4 contains an unauthenticated SQL injection vulnerability in admin/edit.php, exploitable via the id parameter. Time-based payloads can manipulate queries to extract sensitive database information. The description notes high impact on confidentiality and low impact on integrity, with no...
CVE-2019-25490 Homey BNB V4 SQL Injection via admin edit.php
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive...
CVE-2019-25489
CVE-2019-25489 — Normal mode Impacting: Homey BNB V4. The vulnerability is a SQL injection in the hosting_id parameter used by the rooms/ajax_refresh_subtotal endpoint. It allows unauthenticated attackers to manipulate database queries, potentially exfiltrating sensitive data and causing a denial...
PT-2026-22357
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting id parameter. Attackers can send GET requests to the rooms/ajax refresh subtotal endpoint with malicious hosting id values to extract...
PT-2026-22362
Name of the Vulnerable Software and Affected Versions Homey BNB version 4 Description Homey BNB V4 contains an SQL injection flaw in the administration panel login. Unauthenticated attackers can bypass authentication by injecting SQL syntax into the username and password fields. Attackers can...
Vaelsys V4 操作系统命令注入漏洞
Vaelsys V4 is an artificial intelligence video analysis platform developed by the Spanish company Vaelsys. Version 4.1.0 of Vaelsys V4 contains a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter xajaxargs in the...
A single post-release of dydx-v4-client contained obfuscated multi-stage loader
A PyPI user account compromised by an attacker and was able to upload a malicious version 1.1.5.post1 of the dydx-v4-client package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible...