185 matches found
CVE-2026-4840
CVE-2026-4840 affects Netcore Power 15AX up to 3.0.0.6938, specifically the Diagnostic Tool Interface’s /bin/netis.cgi function setTools. The issue arises from manipulating the IpAddr argument, enabling an OS command injection. Remote exploitation is possible, and the exploit has been released pu...
PT-2026-26341
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open source discussion platform. Insufficient cleanup in the default Codepen allowed iframes...
EUVD-2025-208833
The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...
CVE-2025-55045
The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...
CVE-2025-55045
The CVE-2025-55045 issue affects MuraCMS (up to 10.1.10) due to a CSRF flaw in the cUsers.updateAddress function. The vulnerability allows a crafted webpage to cause an authenticated administrator’s browser to submit requests that add, modify, or delete user addresses without proper CSRF token va...
PT-2026-26083
The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...
CVE-2026-4284
A vulnerability was determined in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. This issue affects the function downloadFile of the file - yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/PPTUtil.java of th...
CVE-2026-3613
A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub401A0C of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly...
D-Link DSL-124 安全漏洞
The D-Link DSL-124 is a wired modem-router integrated device produced by D-Link Corporation. The D-Link DSL-124 ME1.00 version contains a security vulnerability. This vulnerability stems from improper session management, which may allow attackers to execute session hijacking attacks by manipulati...
CVE-2026-3189 feiyuchuixue sz-boot-parent download server-side request forgery
A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be executed remotely. Attacks ...
GCOM EPON 1GE 安全漏洞
GCOM EPON 1GE is a fiber-optic access device developed by GCOM Corporation. The GCOM EPON 1GE ONU C00R371V00B01 version contains a security vulnerability. This vulnerability stems from improper session management, and it could allow attackers to carry out session hijacking attacks by manipulating...
CVE-2026-2954 Dromara UJCMS ImportDataController import-channel importChanel injection
A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate th...
Insecure Direct Object Reference (IDOR)
spreeapi is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper ownership validation in the guest checkout flow, which allows an attacker to manipulate address ID parameters and bind arbitrary guest addresses to their order...
CVE-2026-2856
A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub424AFC of the file /boafrm/formFilter of the component Filter Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be...
CVE-2026-2857 D-Link DWR-M960 Port Forwarding Configuration Endpoint formPortFw sub_423E00 stack-based overflow
A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub423E00 of the file /boafrm/formPortFw of the component Port Forwarding Configuration Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation ...
CVE-2026-2857
A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub423E00 of the file /boafrm/formPortFw of the component Port Forwarding Configuration Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation ...
PT-2026-21287
A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the function sub 462E14 of the file /boafrm/formSysLog of the component System Log Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated...
CVE-2025-15577
An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older...
CVE-2025-15577
CVE-2025-15577 : An unauthenticated attacker can exploit a URL manipulation vulnerability to achieve arbitrary file read on Valmet DNA Web Tools: C2022 and older. The CVE is rated CRITICAL (CVSSv4.0: AV:N/AC:L/PR:N/UI:N/S:U/VI:N/VC:H/VS:N/VA:N/AT:N/AC:H/E:P) with network access, low complexity, a...
CVE-2025-15577
An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older...