16797 matches found

CNNVD
added 2026/05/04 12:0 a.m. | 7 views

GeoVision LPC2011 and GeoVision LPC2211 Security Vulnerability

Both GeoVision LPC2011 and GeoVision LPC2211 are network monitoring control devices produced by the Chinese company GeoVision. Version 1.10 of GeoVision LPC2011 and GeoVision LPC2211 contains security vulnerabilities. These vulnerabilities stem from privilege escalation in the Web Interfac...

6.5 CVSS | 5.8 AI score | 0.00271 EPSS
Exploits 0 | References 1

CNNVD
added 2026/05/04 12:0 a.m. | 5 views

GeoVision LPC2011 and GeoVision LPC2211 Cross-Site Scripting Vulnerability

Both GeoVision LPC2011 and GeoVision LPC2211 are network monitoring devices produced by the Chinese company GeoVision. Version 1.10 of GeoVision LPC2011 and GeoVision LPC2211 contains a cross-site scripting vulnerability. This vulnerability stems from the ssi.cgi function in the Web Interface, whi...

7.4 CVSS | 5.8 AI score | 0.00196 EPSS
Exploits 0 | References 1

CNNVD
added 2026/05/04 12:0 a.m. | 8 views

Nginx UI Access Control Error Vulnerability

Nginx UI is a web interface for Nginx developed by Jacky. In versions 2.0.0 to 2.3.8 of Nginx UI, there was an access control vulnerability. This vulnerability stemmed from the fact that the public/api/install endpoint required no authentication during the first run, allowing unauthenticated...

9.8 CVSS | 5.8 AI score | 0.00346 EPSS
Exploits 1 | References 2

Positive Technologies
added 2026/05/04 12:0 a.m. | 2 views

PT-2026-36736

Name of the Vulnerable Software and Affected Versions: GeoVision LPC2011/LPC2211 version 1.10. Description: A privilege escalation issue exists in the Web Interface functionality. A specially crafted HTTP request allows an attacker to execute privileged operations by visiting a specific webpage...

9.9 CVSS | 5.9 AI score | 0.00348 EPSS
Exploits 0 | References 12

Positive Technologies
added 2026/05/04 12:0 a.m. | 5 views

PT-2026-36740

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this...

7.4 CVSS | 5.9 AI score | 0.00196 EPSS
Exploits 0 | References 4

CNNVD
added 2026/05/04 12:0 a.m. | 6 views

GeoVision LPC2011 and GeoVision LPC2211 Cross-Site Scripting Vulnerability

Both GeoVision LPC2011 and GeoVision LPC2211 are network monitoring control devices produced by the Chinese company GeoVision. Version 1.10 of GeoVision LPC2011 and GeoVision LPC2211 contains a cross-site scripting vulnerability. This vulnerability stems from multiple reflective cross-site script...

7.4 CVSS | 5.7 AI score | 0.00196 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/05/04 12:0 a.m. | 6 views

PT-2026-36733

Name of the Vulnerable Software and Affected Versions: GeoVision LPC2011/LPC2211 version 1.10. Description: The Web Interface functionality contains a flaw where session cookies are guessable. An attacker can use a series of specially crafted HTTP requests to brute-force these cookies, allowing them...

8.6 CVSS | 5.3 AI score | 0.00329 EPSS
Exploits 0 | References 9

CNNVD
added 2026/05/04 12:0 a.m. | 9 views

GeoVision LPC2011 and GeoVision LPC2211 Security Vulnerability

Both GeoVision LPC2011 and GeoVision LPC2211 are network monitoring control devices produced by the Chinese company GeoVision. Version 1.10 of GeoVision LPC2011 and GeoVision LPC2211 contains security vulnerabilities. These vulnerabilities stem from predictable session cookies within the Web...

8.6 CVSS | 5.8 AI score | 0.00329 EPSS
Exploits 0 | References 1

AstraLinux
added 2026/05/03 11:59 p.m. | 6 views

Astra Linux – Vulnerability in Chromium

Before version 91.0.4472.77, a use-after-free in the WebUI in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...

8.8 CVSS | 8 AI score | 0.00962 EPSS
Exploits 1 | References 1

OSV
added 2026/05/03 9:58 a.m. | 25 views

OESA-2026-2197 cups security update

CUPS is the standards-based, open source printing system developed by Apple Inc. for UNIX®-like operating systems. CUPS uses the Internet Printing Protocol (IPP) to support printing to local and network printers. Security Fixes: OpenPrinting CUPS is an open source printing system for Linux and othe...

5.4 CVSS | 5.7 AI score | 0.00409 EPSS
Exploits 1 | References 2

Vulnrichment
added 2026/05/03 6:30 a.m. | 5 views

CVE-2026-7683 Edimax BR-6428nC Web setWAN command injection

A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has bee...

6.5 CVSS | 5.5 AI score | 0.01543 EPSS
Exploits 0 | References 6

EUVD
added 2026/05/03 6:30 a.m. | 13 views

EUVD-2026-26821

A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has bee...

6.5 CVSS | 5.5 AI score | 0.01543 EPSS
Exploits 0 | References 6

CNNVD
added 2026/05/03 12:0 a.m. | 8 views

Edimax BR-6428nC Injection Vulnerability

The Edimax BR-6428nC is a multi-functional wireless broadband router produced by Edimax Corporation. Versions of Edimax BR-6428nC prior to 1.16 contained a vulnerability. This vulnerability stemmed from an unknown function in the component’s Web Interface, specifically the file /goform/setWAN, whi...

6.5 CVSS | 6.6 AI score | 0.01543 EPSS
Exploits 0 | References 2

NVD
added 2026/05/01 5:16 a.m. | 2 views

CVE-2026-7549

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=deletecustomer. Executing a manipulation of the argument ID can lead to SQL injection. The attack may be performed remotely. The exploit has been...

7.5 CVSS | 0.00274 EPSS
Exploits 0 | References 5

RedhatCVE
added 2026/05/01 2:47 a.m. | 5 views

CVE-2026-4918

IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.5 CVSS | 5 AI score | 0.00142 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/05/01 12:0 a.m. | 4 views

PT-2026-36529

A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request...

6.5 CVSS | 6.1 AI score | 0.00816 EPSS
Exploits 0 | References 3

EUVD
added 2026/05/01 12:0 a.m. | 4 views

EUVD-2026-26701

A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request...

6.5 CVSS | 6.1 AI score | 0.00816 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2026/05/01 12:0 a.m. | 7 views

Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities (cisco-sa-fmc-sql-injection-2qH6CcJd)

According to its self-reported version, Cisco Secure Firewall Management Center (FMC) is affected by multiple vulnerabilities. - Multiple vulnerabilities in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to...

8.1 CVSS | 6.2 AI score | 0.0034 EPSS
Exploits 0 | References 8

NVD
added 2026/04/30 4:16 p.m. | 7 views

CVE-2026-36960

A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Router V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...

8.8 CVSS | 0.00183 EPSS
Exploits 0 | References 2

NVD
added 2026/04/30 3:16 p.m. | 5 views

CVE-2026-36958

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

7.5 CVSS | 0.00344 EPSS
Exploits 2 | References 2