CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2392 matches found

ZeroShell <= 1.0beta11 Remote Code Execution

ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action. id: CVE-2009-0545 info: name: ZeroShell = 1.0beta11 Remote Code Execution author: geeknik severity: critica...

10CVSS6.1AI score0.93514EPSS

Exploits2References5

EUVD•added 2 days ago•3 views

EUVD-2026-33934

A stack-based buffer overflow in the exportlanguage.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/exportlanguage.cgi endpoint. The handler passes the...

6.5AI score0.00053EPSS

Exploits0References2

Cvelist•added 2 days ago•34 views

CVE-2026-30652

A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...

0.00053EPSS

Exploits0References2

RedhatCVE•added 3 days ago•6 views

CVE-2026-10191

A vulnerability was determined in Tenda W12 3.0.0.74763. Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly...

9CVSS6.3AI score0.00088EPSS

Exploits0References1

CVE•added 3 days ago•9 views

CVE-2026-45154

Nextcloud Collectives vulnerability: from version 2.6.0 through before 4.3.0, if a collective page was deleted and the collective was shared view‑only, guests with access could directly retrieve the deleted pages from the trashbin. Root cause: improper access control. A fix is available in versio...

2.6CVSS5.7AI score0.00025EPSS

Exploits0References3

RedhatCVE•added 3 days ago•5 views

CVE-2026-10189

A vulnerability has been found in Tenda W12 3.0.0.74763. This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to t...

9CVSS6.2AI score0.00088EPSS

Exploits0References1

NVD•added 4 days ago•6 views

CVE-2026-10189

9CVSS0.00088EPSS

Exploits0References6

Vulnrichment•added 4 days ago•6 views

CVE-2026-10192 Tenda W12 httpd set_local_time_0 stack-based overflow

A vulnerability was identified in Tenda W12 3.0.0.74763. The affected element is the function setlocaltime0 of the file /bin/httpd. Such manipulation of the argument Time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used...

9CVSS6.4AI score0.00088EPSS

Exploits0References6

Cvelist•added 4 days ago•19 views

CVE-2026-10190 Tenda W12 Web Management httpd cgiSysWebTimeoutSet denial of service

A vulnerability was found in Tenda W12 3.0.0.74763. This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument webovertime results in denial of service. It is possible to launch the attack remotely. The...

7.1CVSS0.00093EPSS

Exploits0References6

NVD•added 4 days ago•10 views

CVE-2026-10188

A flaw has been found in Tenda W12 3.0.0.74763. This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

9CVSS0.00088EPSS

Exploits0References6

CNNVD•added 4 days ago•4 views

Tenda W12 安全漏洞

Tenda W12 is a high-performance wireless access point from the Chinese company Tenda. Version 3.0.0.74763 of Tenda W12 contains a security vulnerability. This vulnerability stems from a parameter “sec” in the function cgiSysTimeInfoSet in the file /bin/httpd, which leads to a stack buffer overflo...

9CVSS7.4AI score0.00088EPSS

Exploits0References6

CNNVD•added 4 days ago•4 views

Tenda W12 安全漏洞

Tenda W12 is a high-performance wireless access point from the Chinese company Tenda. Version 3.0.0.74763 of Tenda W12 contains a security vulnerability. This vulnerability stems from a parameter in the function cgistaKickOff, located in the file /bin/httpd, which causes a stack buffer overflow...

9CVSS7.7AI score0.00088EPSS

Exploits0References6

CNNVD•added 4 days ago•4 views

Tenda W12 安全漏洞

Tenda W12 is a high-performance wireless access point from the Chinese company Tenda. Version 3.0.0.74763 of Tenda W12 contains a security vulnerability. This vulnerability stems from a parameter in the function setlocaltime0 in the file/bin/httpd, where the Time value causes a stack buffer...

9CVSS7.5AI score0.00088EPSS

Exploits0References6

Positive Technologies•added 6 days ago•9 views

PT-2026-44932

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via child process.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS5.8AI score0.00048EPSS

Exploits0References2

RedhatCVE•added 2026/05/28 2:15 p.m.•11 views

CVE-2026-9454

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setOpenVpnCertGenerationCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument servername can lead to os command injection. The...

10CVSS7AI score0.01254EPSS

Exploits0References1

Positive Technologies•added 2026/05/28 12:0 a.m.•6 views

PT-2026-44375

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...

7.8CVSS6AI score0.00011EPSS

Exploits1References2

RedhatCVE•added 2026/05/26 8:14 p.m.•9 views

CVE-2026-9435

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation of...

10CVSS7.1AI score0.01254EPSS

Exploits0References1

CVE•added 2026/05/26 5:30 a.m.•15 views

CVE-2026-9534

Summary: Totolink CA750-PoE firmware 6.2c.510 is affected by a vulnerability in the Setting Handler (file /cgi-bin/cstecgi.cgi, function setWiFiWpsConfig). A manipulation of the PIN argument can lead to an OS command injection, and the attack can be launched remotely. The exploit has been publish...

6.5CVSS6.4AI score0.04841EPSS

Exploits0References5

NVD•added 2026/05/25 11:16 p.m.•9 views

CVE-2026-9514

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDiagPingTimeOut/NetDiagTracertHop is...

6.5CVSS0.04841EPSS

Exploits0References5

EUVD•added 2026/05/25 10:30 p.m.•6 views

EUVD-2026-31768

A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument hosttime can lead to os command injection. The attack can be launched remotely...

6.5CVSS6.4AI score0.04841EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by