86 matches found
CVE-2026-5207
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-11 02:10:54+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mj6r3a35zt2r... |
VulnCheck KEV: CVE-2024-9001
A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be initiated remotely. The...
CVE-2025-6137
A vulnerability classified as critical has been found in TOTOLINK T10 4.1.8cu.5207. Affected is the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the...
CVE-2025-5904
A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument devicename leads to buffer overflow. Th...
TOTOLINK T10 Security Vulnerability
The TOTOLINK T10 is a wireless router manufactured by TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK T10 4.1.8cu.5207. The vulnerability affects the UploadCustomModule function in the /cgi-bin/cstecgi.cgi file in the POST request handling component. An attacker could use this...
TOTOLINK T10 Security Vulnerability
The TOTOLINK T10 is a wireless router from TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK T10 version 4.1.8cu.5207, which affects the function setWiFiRepeaterCfg in the /cgi-bin/cstecgi.cgi file of the component's POST request handler. An attacker can exploit the vulnerability by...
CVE-2025-5207
| creationtimestamp | type | source |
|---|---|---|
| 2025-05-26 22:48:09+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/17582 |
| 2025-05-26 23:42:03+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq4dxejyltj2 |
| 2025-05-26... | | |
CVE-2025-5207 SourceCodester Client Database Management System superadmin_update_profile.php sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. Affected by this issue is some unknown functionality of the file /superadmin_update_profile.php. The manipulation of the argument nickname/email leads to sql injection. The...
CVE-2010-5207
Multiple untrusted search path vulnerabilities in CelFrame Office 2008 Standard Edition allow local users to gain privileges via a Trojan horse (1) javamsci.dll or (2) mscijava.dll file in the current working directory, as demonstrated by a directory that contains a .doc, .xls, or .odg file. NOTE: so...
Linux Distros Unpatched Vulnerability : CVE-2018-5207
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. CVE-2018-5207 Note that Nessus relies on the presen...
CVE-2024-8573
A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc/week/sTime/eTime leads to buffer overflow. It is...
PT-2024-39114 · Totolink · Totolink Ac1200 T10 +1
Name of the Vulnerable Software and Affected Versions: TOTOLINK AC1200 T8 and AC1200 T10 versions 4.1.5cu.861 B20230220 through 4.1.8cu.5207 Description: A critical vulnerability was found in the affected software. The issue affects the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi...
CVE-2024-5207
| creationtimestamp | type | source |
|---|---|---|
| 2024-06-06 11:43:34+00:00 | seen | https://t.me/cyberbannewsir/12224... |
WordPress Post SMTP Plugin <= 2.9.3 is vulnerable to SQL Injection
Software: Post SMTP; Type: Plugin; Vulnerable versions: <= 2.9.3; Fixed in: 2.9.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-5207; Patch priority: Low; CVSS severity: Low 7.6; Developer: WPExperts; PSID: ff0923d41368; Credits: Le Ngoc Anh; Required privilege: Administrator; Published: 30 May,...
Malicious code in wlwz-2312-5207 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0cf34a35559ad40802c96ccd4deb019d40e68132439ff8b53dfeee481c64fd91 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-645 Malicious code in wlwz-2312-5207 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0cf34a35559ad40802c96ccd4deb019d40e68132439ff8b53dfeee481c64fd91 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-5207
A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user...
CVE-2023-5207
Affected software: GitLab CE/EE. Vulnerability summary: An authenticated attacker could perform arbitrary pipeline execution under the context of another user. Affected versions include GitLab 16.0 and later up to but not including 16.2.8, 16.3 up to but not including 16.3.5, and 16.4 up to but n...
CVE-2023-5207 Execution with Unnecessary Privileges in GitLab
A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user...
GitLab 16.0.0 < 16.2.8 / 16.3 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-5207)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitra...