CVE-2026-5003

PromtEngineer localGPT (up to commit 4d41c7d1713b16b216d8e062e51a5dd88b20b054) is affected by a vulnerability in the handle_index function of rag_system/api_server.py within the Web Interface component. The defect enables information disclosure and can be exploited remotely; the exploit is public...

CVE-2019-11060

The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service DoS by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time...

CVE-2019-11063 SmartHome application has a broken access control vulnerability in its Web API Server

A broken access control vulnerability in SmartHome app Android versions up to 3.0.42190515, ios versions up to 2.0.22 allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway HG100 via http://target/smarthome/devicecontrol witho...

CVE-2019-11061 HG100 has a broken access control vulnerability in its Web API Server

A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://target/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 Confidentiality, Integrity...