10 matches found
CVE-2026-56322
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updates endpoint that resolves the defaultChannel parameter before privacy restrictions, enabling enumeration of private channels and leakage of version/config state. Unauthenticated attackers can probe...
CVE-2026-8188
A vulnerability has been found in Wavlink NU516U1 M16U1V240425. Affected is the function changewifipassword of the file /cgi-bin/adm.cgi. The manipulation of the argument wlchannel/wlPass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2026-2535 Comfast CF-N1 V2 mbox-config sub_44AB9C command injection
A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub44AB9C of the file /cgi-bin/mbox-config?method=SET§ion=ptestchannel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been...
CVE-2026-2535 Comfast CF-N1 V2 mbox-config sub_44AB9C command injection
A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub44AB9C of the file /cgi-bin/mbox-config?method=SET§ion=ptestchannel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been...
WordPress Digihood HTML Sitemap plugin <= 3.1.1 - Reflected Cross-Site Scripting via 'channel' vulnerability
Reflected Cross-Site Scripting via 'channel' vulnerability discovered by vgo0 in WordPress Plugin Digihood HTML Sitemap versions = 3.1.1...
EUVD-2018-19738
Malware in sbrugna...
The vulnerability of the Bluetooth HOST microprogramming system component in Qualcomm’s embedded chips allows a perpetrator to gain unauthorized access to protected information or cause service failures.
The vulnerability of the Bluetooth HOST microprogramming system component in Qualcomm embedded chips relates to the lack of checks on buffer length and reading beyond the memory boundary when processing the l2cap parameter. Exploiting this vulnerability can allow an attacker to gain unauthorized...
WordPress: Reflected XSS on https://make.wordpress.org via 'channel' parameter
Hi there, I just found a reflected XSS on make.wordpress.org domain. steps to reproduce : 1. visit this link : https://make.wordpress.org/chat/logs?channel=16%22%3E%3Cimg%20src=x%20onerror=alertdocument.domain%3E&date=2019-07-21&nobots=1 2. xss pop up will occurs POC: see:wp reflected xss.png Not...
SQL Injection Vulnerability in 'channel' Parameter of Founder Xiangyu Web Content Management System
Founder Xiangyu website content management system is a full-process management platform for website information publishing. A SQL injection vulnerability exists in the Founder Xiangyu Web Content Management System. The lack of filtering of the 'channel' parameter allows an attacker to exploit the...
CVE-2015-2250
Multiple cross-site scripting XSS vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the 1 bannedword parameter to index.php/dashboard/system/conversations/bannedwords/success, 2 channel parameter to index.php/dashboard/reports/logs/view, 3...