CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2026-2070 - UTT 进取 520W formPolicyRouteConf strcpy buffer overflow

CVE ID : CVE-2026-2070
Published : Feb. 6, 2026, 11:15 p.m. | 1 hour, 33 minutes ago
Description : A vulnerability has been found in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/formPolicyRouteConf. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37079 - Wing FTP Server < 6.2.7 - Cross-site Request Forgery

CVE ID : CVE-2020-37079
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user account without proper authorization.
Severity: 5.1 | MEDIUM
CVE-2020-37095 - Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)

CVE ID : CVE-2020-37095
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell on port 1337 with system-level access.
Severity: 9.8 | CRITICAL
CVE-2020-37106 - Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin)

CVE ID : CVE-2020-37106
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request to the user creation endpoint with administrative access parameters.
Severity: 5.3 | MEDIUM
CVE-2020-37107 - Core FTP LE 2.2 - Denial of Service

CVE ID : CVE-2020-37107
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20,000 repeated characters and paste it into the account field to cause the application to become unresponsive and require reinstallation.
Severity: 7.5 | HIGH
CVE-2020-37109 - aSc TimeTables 2020.11.4 - Denial of Service

CVE ID : CVE-2020-37109
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Subject title field with a large buffer. Attackers can generate a 1000-character buffer and paste it into the Subject title to trigger an application crash and potential instability.
Severity: 7.5 | HIGH
CVE-2020-37122 - SpotFTP-FTP Password Recover 2.4.8 - Denial of Service

CVE ID : CVE-2020-37122
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the application crash.
Severity: 7.5 | HIGH
CVE-2020-37135 - AMSS++ 4.7 - Backdoor Admin Account

CVE ID : CVE-2020-37135
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system.
Severity: 9.3 | CRITICAL
CVE-2020-37141 - AMSS++ v 4.31 - 'id' SQL Injection

CVE ID : CVE-2020-37141
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentially access or modify database contents.
Severity: 8.8 | HIGH
CVE-2020-37146 - Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure

CVE ID : CVE-2020-37146
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /config_backup.bin endpoint, exposing credentials and system settings.
Severity: 8.7 | HIGH
CVE-2020-37147 - ATutor 2.2.4 - 'id' SQL Injection

CVE ID : CVE-2020-37147
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'id' parameter of the admin_delete.php script to potentially extract or modify database information.
Severity: 7.1 | HIGH
CVE-2020-37154 - eLection 2.0 - 'id' SQL Injection

CVE ID : CVE-2020-37154
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploading backdoor files to the web application directory.
Severity: 7.1 | HIGH
CVE-2020-37155 - Core FTP Lite 1.3 - Denial of Service (PoC)

CVE ID : CVE-2020-37155
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte payload of repeated 'A' characters to trigger an application crash without requiring additional interaction.
Severity: 7.5 | HIGH
CVE-2020-37157 - DBPower C300 HD Camera - Remote Configuration Disclosure

CVE ID : CVE-2020-37157
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.
Severity: 8.7 | HIGH
CVE-2020-37159 - Cuckoo Clock 5.0 - Buffer Overflow

CVE ID : CVE-2020-37159
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution.
Severity: 9.8 | CRITICAL
CVE-2020-37160 - SprintWork 2.3.1 - Local Privilege Escalation

CVE ID : CVE-2020-37160
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain complete system access.
Severity: 8.5 | HIGH
CVE-2020-37161 - Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow

CVE ID : CVE-2020-37161
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with a malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability to run system commands like launching the calculator.
Severity: 9.8 | CRITICAL
CVE-2020-37162 - Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow

CVE ID : CVE-2020-37162
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload of 1608 bytes to trigger a stack-based buffer overflow and execute commands through the registration key field.
Severity: 9.8 | CRITICAL
CVE-2020-37163 - QuickDate 1.3.2 - SQL Injection

CVE ID : CVE-2020-37163
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject UNION-based SQL statements to extract database information including user credentials, database name, and system version.
Severity: 8.8 | HIGH
CVE-2020-37164 - AbsoluteTelnet 11.12 - "license entry" Denial of Service

CVE ID : CVE-2020-37164
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license entry field to trigger an application crash.
Severity: 6.7 | MEDIUM
CVE-2020-37165 - AbsoluteTelnet 11.12 - "license name" Denial of Service

CVE ID : CVE-2020-37165
Published : Feb. 7, 2026, 12:15 a.m. | 33 minutes ago
Description : AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license name field to trigger an application crash.
Severity: 6.7 | MEDIUM