28 matches found
CVE-2026-9436
Totolink A8000RU Web Management (cgi-bin/cstecgi.cgi, function setL2tpServerCfg) is affected by an OS command injection when manipulating the enable argument. The flaw is exploitable remotely and has an exploit published. Impact concerns high confidentiality, integrity, and availability per CVSS,...
CVE-2026-9436 Totolink A8000RU Web Management cstecgi.cgi setL2tpServerCfg OS command injection
A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to OS command injection. The attack can be...
CVE-2025-9436

| creationtimestamp | type | source |
|---|---|---|
| 2025-12-11 07:27:15+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m7p2dj7gyu2e |
| 2025-12-11 08:09:06+00:00 | seen | https://gist.github.com/Darkcrai86/ec0266177855dace5ac5104b47a21776... |

WordPress Widgets for Google Reviews plugin <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Widgets for Google Reviews versions <= 13.2.1...
MAL-2025-9436 Malicious code in @taktikangea/itaque-veniam (npm)
The package @taktikangea/itaque-veniam was found to contain malicious code...
GHSA-HRWM-9436-5MV3

| creationtimestamp | type | source |
|---|---|---|
| 2025-07-11 20:15:22+00:00 | seen | https://seclists.org/oss-sec/2025/q3/35... |

CVE-2020-9436
PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject...
Linux Distros Unpatched Vulnerability : CVE-2016-9436
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file,...
CVE-2020-9436

| creationtimestamp | type | source |
|---|---|---|
| 2024-10-17 16:56:47+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/787... |

CVE-2024-9436

| creationtimestamp | type | source |
|---|---|---|
| 2024-10-11 16:10:52+00:00 | seen | https://t.me/cvedetector/7670... |

WordPress PublishPress Revisions Plugin <= 3.5.14 is vulnerable to Cross Site Scripting (XSS)
Software: PublishPress Revisions; Type: Plugin; Vulnerable versions: <= 3.5.14; Fixed in: 3.5.15; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9436; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 3677d6c152ff; Credits: vgo0...
Mageia: Security Advisory (MGASA-2018-0024)
The remote host is missing an update for the...
Phoenix Contact TC Router Command Injection (CVE-2020-9436)
A command injection vulnerability exists in Phoenix Contact TC Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2020-9436
Phoenix Contact TC Router and TC Cloud Client are affected by an authenticated command-injection vulnerability (CVE-2020-9436). Affected versions include TC Router 3002T-4G, 2002T-3G, VZW/ATT lines through 2.05.3 and TC Cloud Client through 2.03.17 (and older). The issue allows authenticated user...
CVE-2015-9436
CVE-2015-9436 affects the WordPress Dynamic Widgets plugin prior to 1.5.11. The issue is an XSS vulnerability caused by insufficient input validation, exploitable via wp-admin/admin-ajax.php?action=term_tree prefix or the widget_id parameter. Impact is client-side code execution in affected conte...
CVE-2019-9436
CVE-2019-9436 affects the LG Bootloader component in Android (per Pixel Update Bulletin). The issue is described as a secure boot bypass enabling local elevation of privilege (EoP) with SYSTEM privileges, with exploitation described as requiring user interaction. The vulnerability is listed as Ty...
CVE-2018-9436
CVE-2018-9436: An out-of-bounds read due to a missing bounds check in bnep_data_ind of bnep_main.cc could allow remote information disclosure on Android devices. Affected versions: Android 6.0–6.0.1, 7.0–7.1.2, 8.0–8.1. Impact: information disclosure without extra privileges or user interaction. ...
CVE-2017-9436
Affected product: TeamPass. Vulnerable component: users.queries.php. Root cause: SQL injection in the users.queries.php path as described across multiple sources (TeamPass
Fedora 25 : w3m (2017-2e6b693937)
Security fix for CVE-2016-9422, CVE-2016-9423, CVE-2016-9424, CVE-2016-9425, CVE-2016-9428, CVE-2016-9426, CVE-2016-9429, CVE-2016-9430, CVE-2016-9431, CVE-2016-9432, CVE-2016-9433, CVE-2016-9434, CVE-2016-9435, CVE-2016-9436, CVE-2016-9437, CVE-2016-9438, CVE-2016-9439, CVE-2016-9440,...
CVE-2016-9436
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a tag...