Aggregator

Cyber threats across Latin America are increasingly targeting government systems, from disruptive attacks in Puerto Rico to a surge of probes against Colombia’s health sector.

A vulnerability has been found in Trendnet TEW-657BRM 1.00.1 and classified as critical. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2026-5355. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us."

A vulnerability, which was classified as critical, was found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policy_name can lead to os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2026-5354. The attack can be executed remotely. Additionally, an exploit exists. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us."

A vulnerability, which was classified as critical, has been found in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Performing a manipulation of the argument c4_IPAddr results in os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2026-5353. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us."

A vulnerability classified as critical was found in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdb_list leads to os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2026-5352. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us."

A vulnerability classified as critical has been found in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability appears as CVE-2026-5351. The attack may be initiated remotely. In addition, an exploit is available. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us."

A vulnerability described as critical has been identified in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is reported as CVE-2026-5350. The attack can be launched remotely. Moreover, an exploit is present. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us."

A vulnerability marked as critical has been reported in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is documented as CVE-2026-5349. The attack can be initiated remotely. Additionally, an exploit exists. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us."

Submit #781569 / VDB-354708

Submit #781568 / VDB-354707

Submit #781566 / VDB-354706

Submit #781565 / VDB-354705

Submit #781564 / VDB-354704

Submit #781567 / VDB-354703

Submit #781563 / VDB-354702

ShadowByt3s Claims Starbucks Breach With 10GB of Proprietary Source Code, Beverage Machine Firmware, and Global Management Tools From Compromised S3 Bucket

A vulnerability classified as problematic was found in InstaWP Connect Plugin up to 0.1.0.9 on WordPress. Affected is an unknown function. Executing a manipulation can lead to missing authorization. This vulnerability is handled as CVE-2024-23506. The attack can only be done within the local network. There is not any exploit available.

A vulnerability, which was classified as critical, was found in InstaWP Connect Plugin up to 0.1.0.9 on WordPress. Affected by this issue is some unknown functionality. The manipulation results in sql injection. This vulnerability was named CVE-2024-23507. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability marked as problematic has been reported in WP Lab WP-Lister Lite for eBay Plugin up to 3.5.7 on WordPress. The impacted element is an unknown function. Performing a manipulation results in cross site scripting. This vulnerability is identified as CVE-2024-22307. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in cybernetikz Post views Stats Plugin up to 1.3 on WordPress and classified as problematic. This vulnerability affects unknown code. Executing a manipulation can lead to cross site scripting. This vulnerability appears as CVE-2024-22289. The attack may be performed from remote. There is no available exploit.