1453 matches found
PT-2026-45164
A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. Such manipulation of the argument start wizard leads to stack-based buffer overflow. The attack can be launched remotely...
Malicious code in @autoheal/setup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a8b8b7d51e8865d048583893b08ad3d3d95a8371963b82adc6bf4b7938fe4c1 When the user runs this setup wizard, bin/setup.js posts the user's GitHub Personal Access Token scope repo,user:email, GitHub repo name, branch,...
MAL-2026-4366 Malicious code in @autoheal/setup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a8b8b7d51e8865d048583893b08ad3d3d95a8371963b82adc6bf4b7938fe4c1 When the user runs this setup wizard, bin/setup.js posts the user's GitHub Personal Access Token scope repo,user:email, GitHub repo name, branch,...
📄 ZTE ZXHN H188A 6 Authentication Bypass / Credential Disclosure
ZTE ZXHN H188A version 6 suffers from an authentication bypass vulnerability via a pre-login wizard credential leak. Title: ZTE ZXHN H188A V6 - Authentication Bypass via Pre-Login Wizard Credential Leak Date: 2026-05-20 Author: Mina Nageh Salalma Monx Research CVE: CVE-2026-34472 Vendor: ZTE...
📄 ZTE ZXHN H168N 3.6 Credential Leak / Admin Compromise
ZTE ZXHN H168N version 3.5 suffers from a password leak vulnerability that leads to full administrative compromise. Title: ZTE ZXHN H168N V3.5 - Unauthenticated Wizard Credential Leak to Full Admin Compromise Date: 2026-05-20 Author: Mina Nageh Salalma Monx Research CVE: CVE-2021-21735 Vendor: ZT...
@antv/auto-chart (>=2.0.0 <=2.1.0-alpha.0), @antv/chart-advisor (>=2.0.0 <=2.1.0-alpha.1) +4 more potentially affected by unknown CVE via @antv/data-wizard (>=2.0.4 <=2.1.0-alpha.5)
@antv/data-wizard NPM version =2.0.4, =2.0.0, =2.0.0, =1.2.0-beta.0, =2.0.0, =2.0.0, =0.0.1, =0.1.0-beta.57 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVDATAWIZARD-16754475...
@antv/auto-chart (>=2.0.0 <=2.1.0-alpha.0), @antv/chart-advisor (>=2.0.0 <=2.1.0-alpha.1) +5 more potentially affected by unknown CVE via @antv/ckb (>=2.0.4 <=2.1.0-alpha.0)
@antv/ckb NPM version =2.0.4, =2.0.0, =2.0.0, =1.2.0-beta.0, =1.0.0-alpha.1, =2.0.0, =2.0.0, =0.0.1, =0.1.0-beta.57 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVCKB-16754938...
CVE-2026-42288
ChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 is incomplete. The pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard via unsanitized DBPASSWORD remains fully exploitable This vulnerability is fixed in 7.3.2...
CVE-2026-42288
ChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 is incomplete. The pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard via unsanitized DBPASSWORD remains fully exploitable This vulnerability is fixed in 7.3.2...
CVE-2026-42288
ChurchCRM prior to version 7.1.0 is affected by a pre-auth RCE in the setup wizard due to unsanitized DB_PASSWORD handling, enabling unauthenticated PHP code injection during initial install. The issue stems from an incomplete fix for a previous CVE and is fixed in 7.1.0. Impact is described as f...
CVE-2026-42288
ChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 is incomplete. The pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard via unsanitized DBPASSWORD remains fully exploitable This vulnerability is fixed in 7.3.2...
CVE-2026-42288 ChurchCRM: Incomplete fix for CVE-2026-39337: Unauthenticated RCE in Setup Wizard via unsanitized DB_PASSWORD
ChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 is incomplete. The pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard via unsanitized DBPASSWORD remains fully exploitable This vulnerability is fixed in 7.3.2...
CVE-2026-42288 ChurchCRM: Incomplete fix for CVE-2026-39337: Unauthenticated RCE in Setup Wizard via unsanitized DB_PASSWORD
ChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 is incomplete. The pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard via unsanitized DBPASSWORD remains fully exploitable This vulnerability is fixed in 7.3.2...
EUVD-2026-29876
ChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 is incomplete. The pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard via unsanitized DBPASSWORD remains fully exploitable This vulnerability is fixed in 7.3.2...
EUVD-2026-29362
Due to missing authorization check in SAP Strategic Enterprise Management Scorecard Wizard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and...
CVE-2026-40132
Due to missing authorization check in SAP Strategic Enterprise Management Scorecard Wizard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and...
CVE-2026-40132
Due to missing authorization check in SAP Strategic Enterprise Management Scorecard Wizard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and...
CVE-2026-40132
CVE-2026-40132 concerns SAP Strategic Enterprise Management (Scorecard Wizard in BSP). The vulnerability stems from a missing authorization check, allowing an authenticated attacker to view information they should not access and to alter default settings and value fields, which could mislead risk...
CVE-2026-40132 Missing Authorization Check in SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard)
Due to missing authorization check in SAP Strategic Enterprise Management Scorecard Wizard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and...
CVE-2026-40132 Missing Authorization Check in SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard)
Due to missing authorization check in SAP Strategic Enterprise Management Scorecard Wizard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and...