
16812 matches found

Positive Technologies
added 2026/01/09 12:0 a.m., 5 views

PT-2026-2147

Name of the Vulnerable Software and Affected Versions: Tenda 300Mbps Wireless Router F3; Tenda N300 Easy Setup Router. Description: The routers transmit login credentials in plaintext during the initial login or after a factory reset through the web-based administrative interface. An attacker on the...

8.7 CVSS, 6.5 AI score, 0.00106 EPSS
Exploits: 0, References: 4

CNNVD
added 2026/01/09 12:0 a.m., 4 views

Tenda N300 and Tenda F3 Security Vulnerability

Tenda N300 and Tenda F3 are both products of Tenda, a Chinese company. Tenda N300 is a router. Tenda F3 is a wireless router. A security vulnerability exists in the Tenda N300 and Tenda F3 that originates from the transmission of credentials encoded using reversible Base64 encoding via a web-based...

8.7 CVSS, 7 AI score, 0.00106 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/01/09 12:0 a.m., 6 views

PT-2026-2024

Name of the Vulnerable Software and Affected Versions: ALGO 8180 IP Audio Alerter (affected versions not specified). Description: A flaw exists in the web-based user interface of the ALGO 8180 IP Audio Alerter, allowing remote attackers to execute arbitrary code on affected devices. Authentication is...

8.8 CVSS, 7.7 AI score, 0.01511 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2026/01/09 12:0 a.m., 6 views

PT-2026-2149

Name of the Vulnerable Software and Affected Versions: Tenda 300Mbps Wireless Router F3; Tenda N300 Easy Setup Router. Description: The routers are susceptible to a security issue stemming from the absence of the HTTPOnly flag on session cookies used with the web-based administrative interface. An...

8.8 CVSS, 6 AI score, 0.0037 EPSS
Exploits: 0, References: 4

Zero Day Initiative
added 2026/01/09 12:0 a.m., 5 views

(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from the lack of proper...

7.2 CVSS, 7.5 AI score, 0.0148 EPSS
Exploits: 0

Zero Day Initiative
added 2026/01/09 12:0 a.m., 3 views

(0Day) ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from the lack of proper...

7.2 CVSS, 7.5 AI score, 0.013 EPSS
Exploits: 0

CNNVD
added 2026/01/09 12:0 a.m., 4 views

Tenda N300 Security Vulnerability

The Tenda N300 is a router from China-based Tenda. A security vulnerability exists in the Tenda N300 that stems from the lack of the HTTPOnly flag in the session cookie associated with the web-based management interface, which could allow a remote attacker to gain unauthorized access by capturing...

8.8 CVSS, 7 AI score, 0.0037 EPSS
Exploits: 0, References: 1

OSV
added 2026/01/08 4:15 p.m., 5 views

CVE-2025-67090

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 is vulnerable. Fix available in version 4.8.2. GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...

5.1 CVSS, 5.8 AI score
Exploits: 0, References: 3

Cvelist
added 2026/01/08 12:0 a.m., 21 views

CVE-2025-67090

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 is vulnerable. Fix available in version 4.8.2. GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...

0.00214 EPSS
Exploits: 1, References: 3

Positive Technologies
added 2026/01/08 12:0 a.m., 9 views

PT-2026-1872

Name of the Vulnerable Software and Affected Versions: GL.Inet GL.Inet AX1800 versions 4.6.4 and 4.6.8. Description: An issue exists in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call within the GL.Inet AX1800. The script operates with root privileges when activated through...

6.5 CVSS, 6.7 AI score, 0.02981 EPSS
Exploits: 1, References: 7

CVE
added 2026/01/08 12:0 a.m., 8 views

CVE-2025-67091

CVE-2025-67091 affects GL.iNet AX1800 firmware versions 4.6.4 and 4.6.8. The issue lies in the GL.iNet custom opkg wrapper script at /usr/libexec/opkg-call, which runs with root privileges when triggered via the LuCI web interface or authenticated API calls to manage packages. Vulnerable code u...

6.5 CVSS, 6.7 AI score, 0.02981 EPSS
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2026/01/07 4:23 p.m., 21 views

CVE-2026-20029

Cisco ISE and ISE-PIC are affected by an XML External Entity (XXE) processing vulnerability in the licensing feature. An authenticated attacker with administrative privileges can upload a malicious file via the web-based management interface and read arbitrary files from the underlying OS (potent...

4.9 CVSS, 6.5 AI score, 0.05638 EPSS
In wild, Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:51 a.m., 6 views

CVE-2013-6918

The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the "Web Management via WAN" setting, which allows remote attackers to bypass intended access restrictions via HTTP requests...

5.8 CVSS, 7.4 AI score, 0.01227 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:36 a.m., 7 views

CVE-2019-7163

The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40LU02.0002 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password...

9.8 CVSS, 7.4 AI score, 0.02139 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/01/07 9:33 a.m., 12 views

CVE-2019-7315

Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow. NOTE: this product is discontinued, and its final firmware version has this vulnerability 4.x versions exist only...

7.5 CVSS, 7.1 AI score, 0.11198 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/01/07 9:29 a.m., 9 views

CVE-2019-16100

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source...

7.5 CVSS, 7.1 AI score, 0.01811 EPSS
Exploits: 1, References: 1

CVE
added 2026/01/07 9:21 a.m., 20 views

CVE-2025-13419

CVE-2025-13419 affects the WordPress plugin Guest posting / Frontend Posting / Front Editor – WP Front User Submit. The issue is a missing capability check on the /wp-json/bfe/v1/revert REST endpoint, present in all versions up to 5.0.0, allowing unauthenticated attackers to delete arbitrary medi...

5.3 CVSS, 5.1 AI score, 0.0023 EPSS
Exploits: 0, References: 2

Chainguard
added 2026/01/07 1:30 a.m., 5 views

CVE-2025-66019 vulnerabilities

Vulnerabilities for packages: nemo, open-webui...

8.7 CVSS, 5.8 AI score, 0.00313 EPSS
Exploits: 0

NVD
added 2026/01/06 4:15 p.m., 13 views

CVE-2020-36915

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec...

8.7 CVSS, 0.0033 EPSS
Exploits: 1, References: 6

Vulnrichment
added 2026/01/06 3:52 p.m., 2 views

CVE-2020-36915 Adtec Digital SignEdje Digital Signage Player v2.08.28 Default Credentials

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec...

8.7 CVSS, 7.5 AI score, 0.0033 EPSS
Exploits: 1, References: 6