42 matches found
CVE-2026-44089
Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing...
CVE-2026-6146
Amazon::Credentials versions through 1.2.0 for Perl use rand to generate encryption keys. Amazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data dump of the object. Before version 1.3.0, the secrets were encrypted using a 64-bit key that was...
CVE-2026-6146
creationtimestamp | type | source
---|---|---
2026-05-11 19:47:06+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mlm23hs5hc2s
2026-05-11 19:47:06+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mlm23hs5hc2s
2026-05-11 21:34:10+00:00 | seen | ...
CVE-2025-6146
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to...
CVE-2025-6146
creationtimestamp | type | source
---|---|---
2025-06-16 23:40:58+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/18553
2025-06-17 00:32:47+00:00 | published-proof-of-concept | Telegram/1YjoRTNXMY4RH6kXSKEWMrI4TetFUtva-ZdtH-4HJXYyJM
2025-06-17 01:08:41+00:00 | seen | ...
CVE-2025-6146 TOTOLINK X15 HTTP POST Request formSysLog buffer overflow
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to...
CVE-2019-6146
It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 Medium /AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N...
Oracle Linux 9 : python3.12 (ELSA-2024-6146)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-6146 advisory. - Security fix for CVE-2024-8088 Resolves: RHEL-55964 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. No...
RHEL 9 : python3.12 (RHSA-2024:6146)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6146 advisory. Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It...
AlmaLinux 9 : python3.12 (ALSA-2024:6146)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:6146 advisory. cpython: python: email module doesn't properly quote newlines in email headers, allowing header injection CVE-2024-6923 Tenable has extracted the preceding...
PT-2024-6487 · Totolink · Totolink Ex1200T
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200L version 9.3.5u.6146 B20201023 Description: A critical vulnerability has been found in the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to a stack-based buffer...
CVE-2024-6146 Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability
Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this...
PT-2023-31746 · Totolink · Totolink Ex1200T
Name of the Vulnerable Software and Affected Versions: TOTOlink EX1200L version 9.3.5u.6146 B20201023 Description: The issue allows for arbitrary command execution via the "cstecgi.cgi" interface, specifically through the UploadFirmwareFile function. This can be exploited through the /cstecgi.cgi...
PT-2023-31745 · Totolink · Totolink Ex1200T
Name of the Vulnerable Software and Affected Versions: TOTOlink EX1200L version 9.3.5u.6146 B20201023 Description: The issue allows for arbitrary command execution via the "cstecgi.cgi" interface, specifically through the setOpModeCfg function. This could potentially be exploited through the...
CVE-2023-6146 Stored XSS Vulnerability in QualysGuard VM/PC
A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser details...
CVE-2020-6146
An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. When drawing the contents of a page and selecting the stroke color from an 'ICCBased' colorspace, the application will read a length from the file and use it as a loop...
CVE-2020-6146
Nitro Pro 13.13.2.242 and 13.16.2.300 contain a heap-based buffer overflow in ICCBased color space stroke rendering. During page drawing, the code reads a length from the file and uses it as a loop sentinel to write into a static 0x248-byte buffer, allowing an attacker to overflow the heap when t...
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
Exploit Title: Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting; Exploit Author: Prasenjit Kanti Paul; Vendor Homepage: https://www.forcepoint.com/; Software Link: https://www.forcepoint.com/product/cloud-security/web-security...