Binardat 10G08-0800GSM 跨站脚本漏洞

Binardat 10G08-0800GSM is a high-performance switch from the Chinese company Binardat. The Binardat 10G08-0800GSM Network Switch V300SP10260209 and earlier versions have a cross-site scripting vulnerability. This vulnerability stems from uncleaned user input reflected in the web interface, which...

PT-2026-21755

Name of the Vulnerable Software and Affected Versions Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 Description The web interface does not properly sanitize user input, which allows an attacker to inject and execute arbitrary JavaScript code within the context of...

TOTOLINK X5000R 安全漏洞

TOTOLINK X5000R is a router produced by TOTOLINK, a Chinese company. The TOTOLINK X5000R V9.1.0cu.2415B20250515 version contains a security vulnerability. This vulnerability stems from insufficient boundary checking of the CONTENTLENGTH environment variable in the /cgi-bin/cstecgi.cgi file. It ma...

PT-2026-21743

Name of the Vulnerable Software and Affected Versions TOTOLINK X5000R version 9.1.0cu.2415 B20250515 Description The software contains a denial-of-service issue in the /cgi-bin/cstecgi.cgi component. The component reads the CONTENT LENGTH environment variable and allocates memory using malloc wit...

InSAT MasterSCADA BUK-TS 操作系统命令注入漏洞

InSAT MasterSCADA BUK-TS is an industrial automation control component developed by the Russian company InSAT. InSAT MasterSCADA BUK-TS has a vulnerability related to OS command injection. This vulnerability stems from the presence of OS command injection in the MMadmServ Web interface fields,...

PT-2026-21749

Name of the Vulnerable Software and Affected Versions Binardat 10G08-0800GSM network switch firmware versions V300SP10260209 and prior Description The Binardat 10G08-0800GSM network switch firmware contains a command injection issue within the traceroute diagnostic function of the web management...

CVE-2025-67445

CVE-2025-67445 affects TOTOLINK X5000R (v9.1.0cu.2415_B20250515) in the /cgi-bin/cstecgi.cgi CGI. The issue stems from reading CONTENT_LENGTH and calling malloc(CONTENT_LENGTH + 1) without proper bounds checks. A crafted large POST request can exhaust memory or cause a segmentation fault when the...

GO-2026-4498 Gogs has a Protected Branch Deletion Bypass in Web Interface in gogs.io/gogs

Gogs has a Protected Branch Deletion Bypass in Web Interface in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

CVE-2026-27513 Tenda F3 CSRF in Web Management Interface

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a cross-site request forgery CSRF vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit...

CVE-2026-27513 Tenda F3 CSRF in Web Management Interface

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a cross-site request forgery CSRF vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit...

CVE-2026-27511 Tenda F3 Clickjacking in Web Management Interface

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...

CVE2009-2585_HP_Power_Manager_BoF

CVE2009-2585HPPowerManagerBoF This repository contains a P...

DrayTek Vigor 300B 操作系统命令注入漏洞

The DrayTek Vigor 300B is a Quad-WAN load balancing broadband router operated on Linux systems by DrayTek Corporation. Versions of the DrayTek Vigor 300B prior to 1.5.1.6 contained an operating system command injection vulnerability. This vulnerability stemmed from improper handling of parameters...

PT-2026-21531

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi Description The web-based administrative interface does not implement anti-CSRF protections. This allows an attacker to make an authenticated administrator submit requests...

Tenda F3 安全漏洞

Tenda F3 is a wireless router produced by the Chinese company Tenda. The Tenda F3 V12.01.01.55multi version has a security vulnerability. This vulnerability arises from the lack of the X-Frame-Options header set in the web management interface, which may lead to clickjacking attacks...

CVE-2026-2930

A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary leads to stack-based buffer overflow. The attack can be executed remotely. Th...

CVE-2026-24455

The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network...

CVE-2026-25715

The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the web management interface and Telnet service. This effectively disables authentication across all...

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVE-2019-25447

OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...