W&B Weave Server - Remote Arbitrary File Leak
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin. id:...
PT-2026-48200
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteID parameter of the formModifyWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request...
Tenda W3 Security Vulnerability
The Tenda W3 is a wireless access point device produced by the Chinese company Tenda. Version 1.0.0.32204 of the Tenda W3 Wireless Router contains a security vulnerability. This vulnerability stems from a stack overflow in the param1 parameter within the formSetCfm function, which could allow...
MINI-G7J4-CMRH-W899
Bulletin has no description...
CVE-2026-10192
A vulnerability was identified in Tenda W12 3.0.0.74763. The affected element is the function setlocaltime0 of the file /bin/httpd. Such manipulation of the argument Time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used...
MINI-QCMF-5Q35-F56W
Bulletin has no description...
MINI-JC72-RF4W-99MP
Bulletin has no description...
MINI-CRC9-G57F-W7MF
Bulletin has no description...
MINI-QXM4-5W44-P25X
Bulletin has no description...
CVE-2026-4008
A flaw has been found in Tenda W3 1.0.0.32204. This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotel...
Malicious Package
Overview alinet-w is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in alinet-w (npm)
Package is malware due to ransomware-like behavior: file encryption, key exfiltration, terminal locking, ransom note, and persistence attempts. Source: amazon-inspector 5c18fd7e3ffa16f370fa25fcc489c381958d8200bf01cd8bf3627c91301eb397 The...
2026.1 IPU, UEFI Reference Firmware Advisory
Summary: A potential security vulnerability in UEFI for some Intel Reference Platforms may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-20096 Description: Improper input validation in the UEFI...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005142)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005142 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: call the security_mmap_file LSM hook in remap_file_pages The remap_file_pages syscall handler call...
Azure Linux 3.0 Security Update: kernel (CVE-2024-47745)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47745 advisory. - In the Linux kernel, the following vulnerability has been resolved: mm: call the security_mmap_file LSM hook ...
PT-2026-3042
Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vulnerability using boolean-based, error-based, and time-based blind SQL injection techniques to...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001872)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001872 advisory. The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intende...
CLSA-2025-1765289483 elfutils: Fix of 3 CVEs
- CVE-2025-1352: fix memory corruption when using -w option with a specially crafted input file
- CVE-2025-1365: fix buffer overflow when using the -D and -a options with a specially crafted input file
- CVE-2025-1372: fix buffer overflow when using the -z and -x options with a specially crafted...
GHSA-5J98-MCP5-4VW2
creationtimestamp | type | source
---|---|---
2025-12-02 03:16:32+00:00 | seen | https://gist.github.com/deepak-chowdry/3da737fb0b4c63ed1bfe586c677e4860
2025-12-07 15:01:49+00:00 | seen | https://gist.github.com/pxlvoid/2dee87e481533f31473871df69b485dc
...
CVE-2019-25226 Dongyoung Media DM-AP240T/W Unauthenticated Configuration Disclosure
Dongyoung Media DM-AP240T/W wireless access points contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/syssystemconfig management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication or authorization. T...