π¨ CVE-2025-15545
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attacker to gain root-level command execution, compromising confidentiality, integrity and availability.
π@cveNotify
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attacker to gain root-level command execution, compromising confidentiality, integrity and availability.
π@cveNotify
Nico's Security Research
Discovering and Chaining Vulnerabilities in a TP-Link Range Extender (CVE-2025-15545) β A Research Walkthrough
Description
During the research process on the TP-Link Archer RE605X range extender, multiple security issues were identified.
An initial weakness in the control panel authentication mechanism allows an adjacent unauthenticated attacker to intercept sessionβ¦
During the research process on the TP-Link Archer RE605X range extender, multiple security issues were identified.
An initial weakness in the control panel authentication mechanism allows an adjacent unauthenticated attacker to intercept sessionβ¦
π¨ CVE-2025-15509
The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some information leakage.
π@cveNotify
The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some information leakage.
π@cveNotify
π¨ CVE-2025-15567
Insufficient protection mechanisms in the Health Module may lead to partial information disclosure.
π@cveNotify
Insufficient protection mechanisms in the Health Module may lead to partial information disclosure.
π@cveNotify
π¨ CVE-2026-3404
A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation can lead to xml external entity reference. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation can lead to xml external entity reference. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
π¨ CVE-2025-30042
The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication, regardless of the actual presence of the smart card or ownership of the private key.
π@cveNotify
The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication, regardless of the actual presence of the smart card or ownership of the private key.
π@cveNotify
cert.pl
Vulnerabilities in CGM CLININET and CGM NETRAAD software
CERT Polska has received reports about 8 vulnerabilities found in CGM CLININET and CGM NETRAAD software.
π¨ CVE-2026-3695
A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
Gist
Path Traversal in Modern Image Gallery App v1.0 (delete.php)
Path Traversal in Modern Image Gallery App v1.0 (delete.php) - poc.md
π¨ CVE-2026-3702
A vulnerability was detected in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.
π@cveNotify
A vulnerability was detected in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.
π@cveNotify
GitHub
Web-Security-PoCs/Loan-Management-System/XSS-Index-page.md at main Β· meifukun/Web-Security-PoCs
Contribute to meifukun/Web-Security-PoCs development by creating an account on GitHub.
π¨ CVE-2026-3734
A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of the argument manager_id causes improper authorization. The attack can be initiated remotely. The exploit has been published and may be used.
π@cveNotify
A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of the argument manager_id causes improper authorization. The attack can be initiated remotely. The exploit has been published and may be used.
π@cveNotify
Gist
Unauthenticated Privilege Escalation and IDOR in Client Database Management System (CDMS)
Unauthenticated Privilege Escalation and IDOR in Client Database Management System (CDMS) - CDMS-Security-Advisory.md
π¨ CVE-2026-3737
A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file add_user.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file add_user.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
GitHub
Pet-Grooming-Software/Vulnerability_1.md at main Β· hiranerakkot/Pet-Grooming-Software
Contribute to hiranerakkot/Pet-Grooming-Software development by creating an account on GitHub.
π¨ CVE-2026-3738
A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
π@cveNotify
A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
π@cveNotify
GitHub
Pet-Grooming-Software/Vulnerability_2.md at main Β· hiranerakkot/Pet-Grooming-Software
Contribute to hiranerakkot/Pet-Grooming-Software development by creating an account on GitHub.
π¨ CVE-2026-3746
A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argument Username causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argument Username causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
GitHub
GitHub - CH0ico/CVE_choco_7: sql inject cve
sql inject cve. Contribute to CH0ico/CVE_choco_7 development by creating an account on GitHub.
π¨ CVE-2024-58040
Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption.
π@cveNotify
Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption.
π@cveNotify
π¨ CVE-2026-26736
TOTOLINK A3002RU_V3 V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the static_ipv6 parameter in the formIpv6Setup function.
π@cveNotify
TOTOLINK A3002RU_V3 V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the static_ipv6 parameter in the formIpv6Setup function.
π@cveNotify
GitHub
cve/TOTOLINK-A3002RUV3.0-boa-formIpv6Setup-StackOverflow at main Β· 0xmania/cve
submit cve. Contribute to 0xmania/cve development by creating an account on GitHub.
π¨ CVE-2025-69969
A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is exploitable over Bluetooth Low Energy (BLE) proximity (Adjacent), requiring no physical contact with the device. Furthermore, the vulnerability is not limited to arbitrary commands but includes cleartext data interception and unauthenticated firmware hijacking via OTA services.
π@cveNotify
A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is exploitable over Bluetooth Low Energy (BLE) proximity (Adjacent), requiring no physical contact with the device. Furthermore, the vulnerability is not limited to arbitrary commands but includes cleartext data interception and unauthenticated firmware hijacking via OTA services.
π@cveNotify
GitHub
GitHub - mukundbhuva/BLEached-Security
Contribute to mukundbhuva/BLEached-Security development by creating an account on GitHub.
π¨ CVE-2026-22760
Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Improper Check for Unusual or Exceptional Conditions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of Service.
π@cveNotify
Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Improper Check for Unusual or Exceptional Conditions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of Service.
π@cveNotify
π¨ CVE-2025-13399
A weakness in the web interfaceβs application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality, integrity, and availability of transmitted data.
π@cveNotify
A weakness in the web interfaceβs application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality, integrity, and availability of transmitted data.
π@cveNotify
TP-Link
Download fΓΌr VX800v | TP-Link Deutschland
TP Link - Downloadcenter
π¨ CVE-2025-15541
Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk.
π@cveNotify
Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk.
π@cveNotify
π¨ CVE-2025-15542
Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls.
π@cveNotify
Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls.
π@cveNotify
π¨ CVE-2025-15543
Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access readβonly access to system files.
π@cveNotify
Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access readβonly access to system files.
π@cveNotify
π¨ CVE-2025-15548
Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality.
π@cveNotify
Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality.
π@cveNotify
π¨ CVE-2026-1457
An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges.
π@cveNotify
An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges.
π@cveNotify