π¨ CVE-2026-3746
A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argument Username causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argument Username causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
GitHub
GitHub - CH0ico/CVE_choco_7: sql inject cve
sql inject cve. Contribute to CH0ico/CVE_choco_7 development by creating an account on GitHub.
π¨ CVE-2024-58040
Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption.
π@cveNotify
Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption.
π@cveNotify
π¨ CVE-2026-26736
TOTOLINK A3002RU_V3 V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the static_ipv6 parameter in the formIpv6Setup function.
π@cveNotify
TOTOLINK A3002RU_V3 V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the static_ipv6 parameter in the formIpv6Setup function.
π@cveNotify
GitHub
cve/TOTOLINK-A3002RUV3.0-boa-formIpv6Setup-StackOverflow at main Β· 0xmania/cve
submit cve. Contribute to 0xmania/cve development by creating an account on GitHub.
π¨ CVE-2025-69969
A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is exploitable over Bluetooth Low Energy (BLE) proximity (Adjacent), requiring no physical contact with the device. Furthermore, the vulnerability is not limited to arbitrary commands but includes cleartext data interception and unauthenticated firmware hijacking via OTA services.
π@cveNotify
A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is exploitable over Bluetooth Low Energy (BLE) proximity (Adjacent), requiring no physical contact with the device. Furthermore, the vulnerability is not limited to arbitrary commands but includes cleartext data interception and unauthenticated firmware hijacking via OTA services.
π@cveNotify
GitHub
GitHub - mukundbhuva/BLEached-Security
Contribute to mukundbhuva/BLEached-Security development by creating an account on GitHub.
π¨ CVE-2026-22760
Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Improper Check for Unusual or Exceptional Conditions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of Service.
π@cveNotify
Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Improper Check for Unusual or Exceptional Conditions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of Service.
π@cveNotify
π¨ CVE-2025-13399
A weakness in the web interfaceβs application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality, integrity, and availability of transmitted data.
π@cveNotify
A weakness in the web interfaceβs application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality, integrity, and availability of transmitted data.
π@cveNotify
TP-Link
Download fΓΌr VX800v | TP-Link Deutschland
TP Link - Downloadcenter
π¨ CVE-2025-15541
Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk.
π@cveNotify
Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk.
π@cveNotify
π¨ CVE-2025-15542
Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls.
π@cveNotify
Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls.
π@cveNotify
π¨ CVE-2025-15543
Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access readβonly access to system files.
π@cveNotify
Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access readβonly access to system files.
π@cveNotify
π¨ CVE-2025-15548
Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality.
π@cveNotify
Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality.
π@cveNotify
π¨ CVE-2026-1457
An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges.
π@cveNotify
An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges.
π@cveNotify
π¨ CVE-2026-0925
Tanium addressed an improper input validation vulnerability in Discover.
π@cveNotify
Tanium addressed an improper input validation vulnerability in Discover.
π@cveNotify
π¨ CVE-2026-1224
Tanium addressed an uncontrolled resource consumption vulnerability in Discover.
π@cveNotify
Tanium addressed an uncontrolled resource consumption vulnerability in Discover.
π@cveNotify
π¨ CVE-2025-15288
Tanium addressed an improper access controls vulnerability in Interact.
π@cveNotify
Tanium addressed an improper access controls vulnerability in Interact.
π@cveNotify
π¨ CVE-2025-15322
Tanium addressed an improper access controls vulnerability in Tanium Server.
π@cveNotify
Tanium addressed an improper access controls vulnerability in Tanium Server.
π@cveNotify
π¨ CVE-2025-15320
Tanium addressed a denial of service vulnerability in Tanium Client.
π@cveNotify
Tanium addressed a denial of service vulnerability in Tanium Client.
π@cveNotify
π¨ CVE-2025-15315
Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.
π@cveNotify
Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.
π@cveNotify
π¨ CVE-2026-26033
UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges.
π@cveNotify
UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges.
π@cveNotify
jvn.jp
JVN#56544509: Multiple vulnerabilities in Dell UPS Multi-UPS Management Console (MUMC)
Japan Vulnerability Notes
π¨ CVE-2026-26034
UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Incorrect Default Permissions (CWE-276) vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL.
π@cveNotify
UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Incorrect Default Permissions (CWE-276) vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL.
π@cveNotify
jvn.jp
JVN#56544509: Multiple vulnerabilities in Dell UPS Multi-UPS Management Console (MUMC)
Japan Vulnerability Notes
π¨ CVE-2026-29127
The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege escalation depending on conditions of the system due to the presence of highly privileged processes and binaries residing within the affected directory.
π@cveNotify
The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege escalation depending on conditions of the system due to the presence of highly privileged processes and binaries residing within the affected directory.
π@cveNotify
Abduls Blog
Over 20 vulnerabilities found in satellite receiver used by US DoD, EU's Space Agency and others
During a recent penetration test I did against a critical infrastructure operator, I had achieved Domain Administrator through two independent routes; ADCS ESC4, and by combining an LMCompatibility value of 2 with LDAP signing disabled. With that out of theβ¦
π¨ CVE-2026-23767
ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection.
π@cveNotify
ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection.
π@cveNotify