Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request. More information : https://plaid-knot-11b.notion.site/Unauthenticated-Remote-Access-to-ate-Debug-Interface-via-Improper-Access-Controls-in-Tenda-AC10-V4-23fb3e9cce328050a479e44a8c217a72?source=copy_link
Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info. More information : https://plaid-knot-11b.notion.site/Heap-based-Buffer-Overflow-in-function-get_parentControl_list_Info-via-deviceId-parameter-Remote-at-23eb3e9cce328014a639f619bc14ed90
A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of default credentials. An attack has to...
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function cgiMain of the file /cgi-bin/upload.cgi. Executing manipulation of the argument filename can lead to os...
Improper input validation in firmware of some Solidigm DC Products may allow an attacker with local access to cause a Denial of Service More information : https://www.solidigm.com/support-page/support-security.html
Valtimo is a platform for Business Process Automation. In versions before 12.16.0.RELEASE, and from 13.0.0.RELEASE to before 13.1.2.RELEASE, any admin that can create or modify and execute process-definitions could gain access to sensitive data...
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the...
Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary files. This could result in sensitive...
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user...
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C. More information : https://plaid-knot-11b.notion.site/Stack-Buffer-Overflow-in-goform-WifiBasicSet-via-Password-parameter-Remote-attacker-can-execute-ar-23fb3e9cce32807c883fc1b233e09eca?source=copy_link
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler. More information : https://plaid-knot-11b.notion.site/Stack-Buffer-Overflow-in-login-Auth-via-Password-parameter-Remote-attacker-can-execute-arbitrary-c-23fb3e9cce32800ba969f8b3a9f80bda?source=copy_link
AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability. The issue may allow attackers to launch a server-side request forgery (SSRF) attack enabling unauthorized network calls from the system, potentially exposing...
In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 information disclosure was possible via search_project function More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves More information : https://www.jetbrains.com/privacy-security/issues-fixed/