VYPR
Vendor

Ucdok

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2026-10067HigMay 29, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. This project is superseded by FreshTomato. This vulnerability only…

  • CVE-2026-10066HigMay 29, 2026
    risk 0.57cvss 8.8epss 0.00

    A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. This project is…

  • CVE-2026-10065HigMay 29, 2026
    risk 0.57cvss 8.8epss 0.00

    A weakness has been identified in Shibby Tomato 1.28. This vulnerability affects the function get_ups_field of the file tomatodata.cgi. Executing a manipulation of the argument Date can lead to stack-based buffer overflow. It is possible to launch the attack remotely. This…

  • CVE-2026-10068HigMay 29, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded…

  • CVE-2013-7379May 16, 2014
    risk 0.00cvss epss 0.02

    The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in the access-key header that partially matches config.master.api.access_key.