| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials. |
| A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. |
| A vulnerability was found in projeto-siga siga 11.0.3.18. The affected element is an unknown function of the file /sigawf/app/responsavel/novo. Performing a manipulation of the argument Nome/Descrição results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet. |
| The GL-iNet Comet (GL-RM1) KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins. |
| The GL-iNet Comet (GL-RM1) KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification. |
| A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 7.21 is able to resolve this issue. Upgrading the affected component is advised. VulDB has contacted the vendor early and they confirmed quickly, that this issue got fixed already. |
| A vulnerability has been found in likeadmin-likeshop likeadmin_php up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet. |
| A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repo_path of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. |
| A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbolic links to execute destructive recursive operations (e.g., chmod -R 000) on the entire root filesystem, leading to system-wide permission loss and potential complete system breakdown. |
| The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), which replaces invalid UTF-8 byte sequences with the Unicode replacement character (U+FFFD). This behavior differs from GNU comm, which processes raw bytes and preserves the original input. This results in corrupted output when the utility is used to compare binary files or files using non-UTF-8 legacy encodings. |
| A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used. |
| The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are_files_identical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input path is a FIFO or a pipe, this pre-read operation drains the stream, leading to silent data loss before the actual comparison logic is executed. Additionally, the utility may hang indefinitely if it attempts to pre-read from infinite streams like /dev/zero. |
| A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a symbolic link that resolves to the root directory (e.g., /tmp/rootlink -> /), potentially leading to the unintended recursive deletion of the entire root filesystem. |
| The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and migrations, causing files moved by a privileged user (e.g., root) to become root-owned unexpectedly, which can lead to information disclosure or restricted access for the intended owners. |
| A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. |
| The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces a brief window where a directory intended to be private is accessible to other users, potentially leading to unauthorized data access. |
| The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file installation. The implementation unlinks an existing destination file and then recreates it using a path-based operation without the O_EXCL flag. A local attacker can exploit the window between the unlink and the subsequent creation to swap the path with a symbolic link, allowing them to redirect privileged writes to overwrite arbitrary system files. |
| A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file descriptor. An attacker with concurrent write access can replace a path component with a symbolic link between these operations, redirecting the privileged write to an arbitrary file system location. |
| A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized. |
| The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::remove_dir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind with incorrect default contexts, potentially allowing unauthorized access to device nodes that should have been restricted by mandatory access controls. |
