EUVD-2026-26856

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability...

PT-2026-37203

Name of the Vulnerable Software and Affected Versions Pelican versions 7.21.0 through 7.21.4 Pelican versions 7.22.0 through 7.22.2 Pelican versions 7.23.0 through 7.23.2 Pelican versions 7.24.0 through 7.24.1 Description A privilege escalation issue exists in the Web User Interface WebUI that...

PT-2026-36735

Name of the Vulnerable Software and Affected Versions GeoVision LPC2011/LPC2211 version 1.10 Description A privilege escalation issue exists in the Web Interface functionality, specifically within the 'ssi.cgi' endpoint. A specially crafted HTTP request can lead to the leak of Administrator...

GeoVision LPC2011和GeoVision LPC2211 安全漏洞

Both GeoVision LPC2011 and GeoVision LPC2211 are network monitoring control devices produced by the Chinese company GeoVision. The version 1.10 of GeoVision LPC2011 and GeoVision LPC2211 contain security vulnerabilities. These vulnerabilities stem from privilege escalation within the Web Interfac...

GeoVision LPC2011和GeoVision LPC2211 安全漏洞

Both GeoVision LPC2011 and GeoVision LPC2211 are network monitoring control devices produced by the Chinese company GeoVision. The version 1.10 of GeoVision LPC2011 and GeoVision LPC2211 contain security vulnerabilities. These vulnerabilities stem from the privilege escalation in the Web Interfac...

Nginx UI 访问控制错误漏洞

Nginx UI is a web interface for Nginx developed by Jacky. In versions 2.0.0 to 2.3.8 of Nginx UI, there was an access control vulnerability. This vulnerability stemmed from the fact that the public/api/install endpoint required no authentication during the first run, allowing unauthenticated...

PT-2026-36740

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this...

GeoVision LPC2011和GeoVision LPC2211 跨站脚本漏洞

Both GeoVision LPC2011 and GeoVision LPC2211 are network monitoring control devices produced by the Chinese company GeoVision. Version 1.10 of GeoVision LPC2011 and GeoVision LPC2211 contains a cross-site scripting vulnerability. This vulnerability stems from multiple reflective cross-site script...

GeoVision LPC2011和GeoVision LPC2211 跨站脚本漏洞

Both GeoVision LPC2011 and GeoVision LPC2211 are network monitoring devices produced by the Chinese company GeoVision. Version 1.10 of GeoVision LPC2011 and GeoVision LPC2211 contain a cross-site scripting vulnerability. This vulnerability stems from the ssi.cgi function in the Web Interface, whi...

PT-2026-36733

Name of the Vulnerable Software and Affected Versions GeoVision LPC2011/LPC2211 version 1.10 Description The Web Interface functionality contains a flaw where session cookies are guessable. An attacker can use a series of specially crafted HTTP requests to brute-force these cookies, allowing them...

GeoVision LPC2011和GeoVision LPC2211 安全漏洞

Both GeoVision LPC2011 and GeoVision LPC2211 are network monitoring control devices produced by the Chinese company GeoVision. Version 1.10 of GeoVision LPC2011 and GeoVision LPC2211 contain security vulnerabilities. These vulnerabilities stem from predictable session cookies within the Web...

PT-2026-36736

Name of the Vulnerable Software and Affected Versions GeoVision LPC2011/LPC2211 version 1.10 Description A privilege escalation issue exists in the Web Interface functionality. A specially crafted HTTP request allows an attacker to execute privileged operations by visiting a specific webpage...

Astra Linux – Vulnerability in Chromium

Before version 91.0.4472.77, using “after free” in the WebUI in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...

OESA-2026-2197 cups security update

CUPS is the standards-based, open source printing system developed by Apple Inc. for UNIX®-like operating systems. CUPS uses the Internet Printing Protocol IPP to support printing to local and network printers. Security Fixes: OpenPrinting CUPS is an open source printing system for Linux and othe...

CVE-2026-7683 Edimax BR-6428nC Web setWAN command injection

A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has bee...

EUVD-2026-26821

A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has bee...

Edimax BR-6428nC 注入漏洞

The Edimax BR-6428nC is a multi-functional wireless broadband router produced by Edimax Corporation. Versions of Edimax BR-6428nC prior to 1.16 contained a vulnerability. This vulnerability stemmed from an unknown function in the component’s Web Interface, specifically the file/goform/setWAN, whi...

CVE-2026-7549

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=deletecustomer. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been...

CVE-2026-4918

IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

PT-2026-36529

A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request...