CVE-2025-69929

An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format...

TP-Link VX800v security vulnerability

The TP-Link VX800v is a VoIP gateway produced by the TP-Link company. The TP-Link VX800v 1.0 version has a security vulnerability. This vulnerability arises from certain web interface endpoints transmitting sensitive information via unencrypted HTTP traffic due to the lack of application layer...

CVE-2025-69929

An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate privileges via the password hashing on the client side using the MD5 algorithm over a predictable string format...

CVE-2025-69929

CVE-2025-69929 affects N3uron Web User Interface v1.21.7-240207.1047. The issue is a client-side password hashing flaw using MD5 over a predictable string format, enabling a remote attacker to escalate privileges. The CVE entry is marked with a critical base score (9.8) and a network attack vecto...

PT-2026-5323

Name of the Vulnerable Software and Affected Versions VX800v version 1.0 Description The web interface of VX800v version 1.0 transmits sensitive information over unencrypted HTTP due to missing application layer encryption. This allows a network-adjacent attacker to intercept the traffic and...

latex.teainside.org security vulnerabilities

latex.teainside.org is a web interface for the LaTeX compiler developed by Ammar Faizi. Version 1.0 of latex.teainside.org has a security vulnerability; this vulnerability stems from the/api.php endpoint, which processes malicious LaTeX payloads, potentially leading to remote code execution...

CVE-2026-1548

A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection. The attack can be initiated remotely. The exploit has been published and may be used...

CVE-2026-23593

A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory...

Archer MR600 vulnerable to OS command injection

Overview Archer MR600 provided by TP-Link Systems Inc. contains the following vulnerability. OS command injection CWE-78 - CVE-2025-14756 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An arbitrary OS command may be execute...

CVE-2026-24430

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 disclose sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. Because the management interface is accessible over unencrypted HTTP by default, credentials may be expose...

CVE-2026-23593

A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory...

CVE-2026-23593 Unauthenticated Limited File Read allows Data Exposure in Web Interface

A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory...

CVE-2026-23593 Unauthenticated Limited File Read allows Data Exposure in Web Interface

A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory...

CVE-2026-23593

A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory...

CVE-2026-23593

CVE-2026-23593 affects the web-based management interface of HPE Aruba Networking Fabric Composer. The vulnerability allows an unauthenticated remote attacker to read files within the affected directory. Public technical details in connected documents confirm the affected product and impact (unau...

CVE-2016-15057

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installations REST API can use this to invoke arbitrary commands on the...

CVE-2025-59098

The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...

CVE-2025-59108

By default, the password for the Access Manager's web interface, is set to 'admin'. In the tested version changing the password was not enforced...

CLSA-2026-1769515411 cups: Fix of CVE-2025-61915

CVE-2025-61915: fix out-of-bound write issue caused by inserting malicious line in cups web UI config...

HPE Aruba Networking Fabric Composer security vulnerabilities

HPE Aruba Networking Fabric Composer is a network orchestration software developed by the American company HPE. HPE Aruba Networking Fabric Composer has a security vulnerability, which stems from defects in its web-based management interface. This vulnerability could allow unauthenticated remote...