Lucene search
K

893 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/02 5:56 p.m.4 views

CVE-2026-22227

A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise...

8.5CVSS5.7AI score0.02605EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/02 5:56 p.m.35 views

CVE-2026-22227 Command Injection Vulnerability on TP-Link Archer BE230 v1.2

A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise...

8.5CVSS0.02605EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/02 5:55 p.m.5 views

CVE-2026-22226

A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on TP-Link Archer BE230 v1.2 and Archer AX73 v2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe...

8.5CVSS6.1AI score0.02394EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/02/02 5:55 p.m.4 views

CVE-2026-22226 Command Injection Vulnerability on TP-Link Archer BE230 and AX73

A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on TP-Link Archer BE230 v1.2 and Archer AX73 v2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe...

8.5CVSS6.1AI score0.02394EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/02 5:55 p.m.31 views

CVE-2026-22226 Command Injection Vulnerability on TP-Link Archer BE230 and AX73

A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on TP-Link Archer BE230 v1.2 and Archer AX73 v2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe...

8.5CVSS0.02394EPSS
Exploits0References6
CVE
CVE
added 2026/02/02 5:53 p.m.21 views

CVE-2026-22225

CVE-2026-22225 describes a command-injection vulnerability in the TP-Link Archer BE230 v1.2, exploitable after admin authentication in the VPN Connection Service. Affected: Archer BE230 v1.2 with builds earlier than 1.2.4 (Build 20251218 rel.70420). Impact: attacker could obtain full administrati...

8.5CVSS6.1AI score0.02682EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/02 5:53 p.m.8 views

CVE-2026-22225

A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2 and Archer AXE75 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

8.5CVSS6.1AI score0.02682EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/02/02 5:53 p.m.35 views

CVE-2026-22225 Command Injection Vulnerability on TP-Link Archer BE230 v1.2 and AXE75 v1.0

A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2 and Archer AXE75 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

8.5CVSS0.02682EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/02 5:52 p.m.6 views

CVE-2026-22224 Command Injection Vulnerability on TP-Link Archer BE230 v1.2

A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

8.5CVSS5.8AI score0.02597EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/02 5:52 p.m.31 views

CVE-2026-22224 Command Injection Vulnerability on TP-Link Archer BE230 v1.2

A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

8.5CVSS0.02597EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/02 5:52 p.m.6 views

EUVD-2026-5085

A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

8.5CVSS5.8AI score0.02597EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2026/02/02 12:0 a.m.125 views

📄 Clicky by Yoast 1.4.3 Cross Site Scripting

Multiple persistent cross site scripting vulnerabilities exist in Clicky by Yoast WordPress Plugin version 1.4.3. This issue is older research added to the archive. Clicky by Yoast 1.4.3 - Multiple Stored Cross-site Scripting Advisory ID: RO-16-006 Severity: Medium Vendor: Yoast Product: Clicky b...

5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.11 views

PT-2026-5691

A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise...

8.5CVSS5.7AI score0.02605EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2026/02/02 12:0 a.m.142 views

📄 WP Flash Player 1.3 Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in WP Flash Player WordPress Plugin version 1.3. This issue is older research added to the archive. WP Flash Player 1.3 - Multiple Cross-site Scripting Advisory ID: RO-15-011 Severity: High Vendor: WordPress Product: WP Flash Player Version: 1.3...

5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.15 views

PT-2026-5688

A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

8.5CVSS5.8AI score0.02597EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2026/02/02 12:0 a.m.152 views

📄 WP-Polls 2.73 Cross Site Scripting

A cross site scripting vulnerability exists in WP-Polls WordPress Plugin version 2.73. This issue is older research added to the archive. WP-Polls 2.73 - Reflected Cross-site Scripting Advisory ID: RO-16-005 CVE ID: CVE-2016-10936 Severity: Medium Vendor: WordPress Product: WP-Polls Version: 2.73...

6.1CVSS4.9AI score0.00917EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/30 9:23 p.m.12 views

CVE-2025-15549

FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the...

4.8CVSS5.9AI score0.00226EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.6 views

PT-2026-5491

Name of the Vulnerable Software and Affected Versions Navigate CMS version 2.8.7 Description Navigate CMS 2.8.7 is susceptible to a cross-site request forgery condition. This allows attackers to upload malicious extensions through a specially crafted HTML page. An attacker can deceive authenticat...

5.1CVSS5.3AI score0.00203EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/01/28 8:26 a.m.37 views

CVE-2026-1053 Ivory Search <= 5.5.13 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_gcse' and 'nothing_found_text' Parameters

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00261EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/28 3:16 a.m.10 views

CVE-2025-59473

SQL Injection vulnerability in the Structure for Admin authenticated user...

7.2CVSS5.9AI score0.00259EPSS
Exploits0References1
Rows per page
Query Builder