CVE-2026-10292

A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used...

PT-2026-45608

A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/formFireWall. This manipulation of the argument Profile causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be...

CVE-2026-42186

OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...

CVE-2025-68604

Cross-Site Request Forgery CSRF vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3...

CVE-2026-7513

A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...

Fedora 42 : openbao (2026-c008e6a5da)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c008e6a5da advisory. Update to upstream 2.5.3, fix CVE-2026-34986, CVE-2026-39388, CVE-2026-39396, CVE-2026-40264 Tenable has extracted the preceding description block...

CVE-2026-7513

A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...

CVE-2026-7512 UTT HiPER 1200GW formUser strcpy buffer overflow

A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used...

CVE-2026-40264 OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation

OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...

CVE-2026-40264

OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...

CVE-2026-39396

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...

CVE-2026-39396

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...

CVE-2026-39388

OpenBao (open source identity-based secrets management) prior to version 2.5.3 contains a flaw in the Certificate authentication method: when a token renewal is requested with disable_binding=true, the system attempts to verify that the presented mTLS certificate matches the original. Due to inco...

OpenBao 信任管理问题漏洞

OpenBao is an open-source sensitive data management software developed by OpenBao. Versions of OpenBao prior to 2.5.3 had vulnerabilities related to trust management. These vulnerabilities stemmed from incorrect matching during certificate authentication when renewing tokens. This allowed attacke...

PT-2026-33884

Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.5.3 Description OpenBao is an open source identity-based secrets management system. In the PostgreSQL database secrets engine, the system fails to use proper database quoting on schema names provided by PostgreSQL...

OPENSUSE-SU-2026:10594-1 openbao-2.5.3-1.1 on GA media

These are all security issues fixed in the openbao-2.5.3-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-32379

A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation of the argument NatBind leads to buffer overflow. The attack is possible to be carried out remotely. The exploit...

UTT HiPER 1200GW 安全漏洞

UTT HiPER 1200GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1200GW prior to 2.5.3-170306 contained security vulnerabilities. These vulnerabilities were caused by incorrect handling of parameters in the file/goform/formNatStaticMap, specifically the parameter...

EUVD-2026-19594

Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ocean Extra: from n/a through 2.5.3...

WordPress Ocean Extra plugin <= 2.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Ocean Extra versions = 2.5.3...