17 matches found
CVE-2026-36612
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 enables WPS 2.0 by default with a weak lockout policy: 60-second lockout after 10 attempts...
CVE-2026-7608
A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function toolsdiagnostic. The manipulation results in os command injection. The exploit is now public and may be used. The vendor explains: "That firmware version will only work on our hardware version...
EUVD-2026-26774
A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized ...
EUVD-2026-26773
A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function toolsdiagnostic of the file /tmp/diagnostic of the component Firmware Update. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been publish...
EUVD-2026-26767
A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function toolsdiagnostic. The manipulation results in os command injection. The exploit is now public and may be used. The vendor explains: "That firmware version will only work on our hardware version...
CVE-2026-7606
TRENDnet TEW-821DAP firmware, version 1.12B01, contains a weakness in the Firmware Update Handler (functions find_hwid/new_gui_update_firmware). Crafting the dest argument enables insufficient verification of data authenticity. The vulnerability is remotely exploitable; exploitation is described ...
PT-2026-36595
A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools diagnostic. The manipulation results in os command injection. The exploit is now public and may be used. The vendor explains: "That firmware version will only work on our hardware version...
CVE-2020-29315
ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML...
TP-LINK Tapo H200 security vulnerability
TP-LINK Tapo H200 is a smart hub from China P&L TP-LINK. A security vulnerability exists in TP-Link Tapo H200 version V1, which stems from Wi-Fi credentials being stored in clear text, which could lead to credential disclosure...
PT-2024-35984 · Victure · Victure Rx1800 Wifi 6 Router
Name of the Vulnerable Software and Affected Versions: Victure RX1800 WiFi 6 Router version EN V1.0.0 r12 110933 Description: A problem was discovered in Victure RX1800 WiFi 6 Router devices, where a remote attacker in proximity to a Wi-Fi network can derive the default Wi-Fi PSK value via the la...
PT-2024-21415 · Hangzhou Xiongwei Technology Development Co. · Restaurant Digital Comprehensive Management Platform
Name of the Vulnerable Software and Affected Versions: Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform version v1 Description: The issue allows an attacker to bypass authentication and perform arbitrary password resets. Recommendations: For...
Code injection
some-natalie/ghas-to-csv GitHub Advanced Security to CSV is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom...
CVE-2022-39217 Improper Neutralization of Formula Elements in a CSV File in ghas-to-csv
some-natalie/ghas-to-csv GitHub Advanced Security to CSV is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom...
CVE-2022-29525
Rakuten Casa version APFV141 or APFV200 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation...
PT-2022-11208 · Unknown · Sourcecodester Budget/Expense Tracker System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Budget and Expense Tracker System version v1 Description: The issue allows attackers to execute arbitrary SQL commands via the username field, potentially leading to unauthorized data access or modification. There is no...
EU MRV Regulatory Complete Solution 1 - Authentication Bypass
EU MRV Regulatory Complete Solution 1 - Authentication Bypass Exploit Title: EU MRV Regulatory Complete Solution 1 - Authentication Bypass Date: 2018-05-24 Exploit Author: Veyselxan Vendor Homepage: https://codecanyon.net/item/eu-mrv-regulatory-complete-solution/21680923?srank=11 Version: v1...
EU MRV Regulatory Complete Solution 1 - Authentication Bypass
Exploit Title: EU MRV Regulatory Complete Solution 1 - Authentication Bypass Date: 2018-05-24 Exploit Author: Veyselxan Vendor Homepage: https://codecanyon.net/item/eu-mrv-regulatory-complete-solution/21680923?srank=11 Version: v1 REQUIRED Tested on: Windows...