893 matches found
CVE-2026-22227
A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise...
CVE-2026-22227 Command Injection Vulnerability on TP-Link Archer BE230 v1.2
A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise...
CVE-2026-22226
A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on TP-Link Archer BE230 v1.2 and Archer AX73 v2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe...
CVE-2026-22226 Command Injection Vulnerability on TP-Link Archer BE230 and AX73
A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on TP-Link Archer BE230 v1.2 and Archer AX73 v2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe...
CVE-2026-22226 Command Injection Vulnerability on TP-Link Archer BE230 and AX73
A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on TP-Link Archer BE230 v1.2 and Archer AX73 v2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe...
CVE-2026-22225
CVE-2026-22225 describes a command-injection vulnerability in the TP-Link Archer BE230 v1.2, exploitable after admin authentication in the VPN Connection Service. Affected: Archer BE230 v1.2 with builds earlier than 1.2.4 (Build 20251218 rel.70420). Impact: attacker could obtain full administrati...
CVE-2026-22225
A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2 and Archer AXE75 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...
CVE-2026-22225 Command Injection Vulnerability on TP-Link Archer BE230 v1.2 and AXE75 v1.0
A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2 and Archer AXE75 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...
CVE-2026-22224 Command Injection Vulnerability on TP-Link Archer BE230 v1.2
A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...
CVE-2026-22224 Command Injection Vulnerability on TP-Link Archer BE230 v1.2
A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...
EUVD-2026-5085
A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...
📄 Clicky by Yoast 1.4.3 Cross Site Scripting
Multiple persistent cross site scripting vulnerabilities exist in Clicky by Yoast WordPress Plugin version 1.4.3. This issue is older research added to the archive. Clicky by Yoast 1.4.3 - Multiple Stored Cross-site Scripting Advisory ID: RO-16-006 Severity: Medium Vendor: Yoast Product: Clicky b...
PT-2026-5691
A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise...
📄 WP Flash Player 1.3 Cross Site Scripting
Multiple cross site scripting vulnerabilities exist in WP Flash Player WordPress Plugin version 1.3. This issue is older research added to the archive. WP Flash Player 1.3 - Multiple Cross-site Scripting Advisory ID: RO-15-011 Severity: High Vendor: WordPress Product: WP Flash Player Version: 1.3...
PT-2026-5688
A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...
📄 WP-Polls 2.73 Cross Site Scripting
A cross site scripting vulnerability exists in WP-Polls WordPress Plugin version 2.73. This issue is older research added to the archive. WP-Polls 2.73 - Reflected Cross-site Scripting Advisory ID: RO-16-005 CVE ID: CVE-2016-10936 Severity: Medium Vendor: WordPress Product: WP-Polls Version: 2.73...
CVE-2025-15549
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the...
PT-2026-5491
Name of the Vulnerable Software and Affected Versions Navigate CMS version 2.8.7 Description Navigate CMS 2.8.7 is susceptible to a cross-site request forgery condition. This allows attackers to upload malicious extensions through a specially crafted HTML page. An attacker can deceive authenticat...
CVE-2026-1053 Ivory Search <= 5.5.13 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_gcse' and 'nothing_found_text' Parameters
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-59473
SQL Injection vulnerability in the Structure for Admin authenticated user...