A vulnerability identified as critical has been detected in Shibby Tomato up to 1.28.0000. This vulnerability affects the function sub_407220 of the file /usr/sbin/httpd of the component DNS List Rendering. The manipulation leads to stack-based buffer overflow.
This vulnerability is uniquely identified as CVE-2026-15548. The attack is possible to be carried out remotely. Moreover, an exploit is present.
This project is superseded by FreshTomato.
A vulnerability categorized as critical has been discovered in Shibby Tomato up to 1.28.0000. This affects the function sub_2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection.
This vulnerability is handled as CVE-2026-15547. The attack can be executed remotely. Additionally, an exploit exists.
This project is superseded by FreshTomato.
A vulnerability was found in Shibby Tomato up to 1.28.0000. It has been rated as critical. Affected by this issue is the function sub_2D568 of the component start_jffs2. Performing a manipulation of the argument jffs2_exec results in os command injection.
This vulnerability is known as CVE-2026-15546. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
This project is superseded by FreshTomato.
A vulnerability was found in Shibby Tomato up to 1.28.0000. It has been declared as critical. Affected by this vulnerability is the function main of the file www/apcupsd/tomatodata.cgi of the component apcupsd. Such manipulation leads to out-of-bounds write.
This vulnerability is traded as CVE-2026-15545. The attack may be launched remotely. Furthermore, there is an exploit available.
This project is superseded by FreshTomato.
A vulnerability was found in Shibby Tomato up to 1.28.0000. It has been classified as critical. Affected is the function getupsvar of the file www/apcupsd/tomatodata.cgi of the component apcupsd. This manipulation of the argument Field causes stack-based buffer overflow.
This vulnerability appears as CVE-2026-15544. The attack may be initiated remotely. In addition, an exploit is available.
This project is superseded by FreshTomato.
An alleged Ryuk ransomware member pleaded guilty in the U.S. for helping deploy attacks on American companies and faces up to 15 years in prison. Armenian national Karen Serobovich Vardanyan (34) pleaded guilty in the U.S. for his role in Ryuk ransomware attacks targeting American organizations between 2019 and 2020. Extradited from Ukraine after his […]
Anthropic has just extended access to Claude Fable 5 for paid subscribers until July 19, giving you another week to keep using the most powerful model. [...]