A vulnerability was found in GitBucket up to 4.46.1. It has been classified as critical. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. Performing a manipulation of the argument url results in server-side request forgery.
This vulnerability is reported as CVE-2026-13540. The attack is possible to be carried out remotely. Moreover, an exploit is present.
To fix this issue, it is recommended to deploy a patch.
A vulnerability was found in Wavlink WL-NU516U1-A M16U1_V240425 and classified as critical. The impacted element is the function sub_407504 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. Such manipulation of the argument Guest_ssid leads to stack-based buffer overflow.
This vulnerability is documented as CVE-2026-13539. The attack can be executed remotely. Additionally, an exploit exists.
It is suggested to upgrade the affected component.
The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
A vulnerability has been found in Wavlink WL-NU516U1-A M16U1_V240425 and classified as critical. The affected element is the function sub_401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection.
This vulnerability is registered as CVE-2026-13538. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The affected component should be upgraded.
The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
A vulnerability labeled as problematic has been found in mb Support openVIVA. The impacted element is an unknown function of the component Vorgang Handler. The manipulation of the argument Name/Hauptverantwortlicher results in cross site scripting.
This vulnerability is cataloged as CVE-2022-39172. The attack may be launched remotely. Furthermore, there is an exploit available.
The affected component should be upgraded.
A vulnerability labeled as critical has been found in Plone CMS 3.x. This affects an unknown part. The manipulation results in credentials management.
This vulnerability is cataloged as CVE-2008-1396. The attack may be launched remotely. There is no exploit available.
A vulnerability labeled as problematic has been found in Siemens Parasolid. This impacts an unknown function of the component X_T File Handler. The manipulation results in out-of-bounds read.
This vulnerability is known as CVE-2022-39157. Access to the local network is required for this attack. No exploit is available.
The affected component should be upgraded.
A vulnerability classified as problematic has been found in Ignition. This affects an unknown part. The manipulation leads to information disclosure.
This vulnerability is listed as CVE-2022-1706. The attack must be carried out from within the local network. There is no available exploit.
Applying a patch is the recommended action to fix this issue.