PT-2026-24467
Name of the Vulnerable Software and Affected Versions OliveTin versions prior to 3000.11.2 Description OliveTin provides access to predefined shell commands through a web interface. When the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename for these logs ...
EUVD-2025-208453
A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start_windows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUI_SECRET_KEY leads to insufficiently random values. It is possible to launch the attack...
DEBIAN-CVE-2026-0846
A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...
EUVD-2025-208380
A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...
EUVD-2025-208381
A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...
CVE-2025-41767
A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...
CVE-2025-41767 Signature bypass on update upload
A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR...
CVE-2026-3798
CVE-2026-3798 affects Comfast CF-AC100 with firmware 2.6.0.8. The vulnerability lies in function sub_44AC14 within /cgi-bin/mbox-config?method=SET&section=ping_config (Request Path Handler), enabling remote command injection. The issue is exploitable over networks, with public exploit availabilit...
PT-2026-24037
Name of the Vulnerable Software and Affected Versions UBR affected versions not specified Description A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass in the web interface. The issue resides in the wwwupdate.cgi method. Recommendations At the...
CVE-2026-30224
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...
PT-2026-23896
Name of the Vulnerable Software and Affected Versions Totolink N300RH versions 6.1.1353 B20190305 Description A flaw exists in the CGI Handler component of Totolink N300RH, specifically within the setWiFiWpsConfig function of the /cgi-bin/cstecgi.cgi file. This allows for operating system command...
[SECURITY] Fedora 44 Update: nextcloud-32.0.6-1.fc44
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...
Fedora 45 : pcs (2026-acc29a96cf)
The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-acc29a96cf advisory. Automatic update for pcs-0.12.2-1.fc45. Changelog Thu Mar 5 2026 Michal Pospil - 0.12.2-1 - Rebased pcs to the newest major version see CHANGELOG.md...
CVE-2026-30223
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentication is configured using either "authJwtPubKeyPath" local RSA public key or "authJwtHmacSecret" HMAC secret, the configured audience value authJwtAud is not enforced during toke...
CVE-2026-30225
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...
CVE-2026-30233
Technical details for CVE-2026-30233 are not publicly available in the provided connected documents. Monitor for updates.