8761 matches found
CVE-2026-48972 WordPress SeedProd Pro plugin < 6.19.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SeedProd LLC SeedProd Pro allows PHP Local File Inclusion. This issue affects SeedProd Pro: from n/a before 6.19.5...
CVE-2026-48972 WordPress SeedProd Pro plugin < 6.19.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SeedProd LLC SeedProd Pro allows PHP Local File Inclusion. This issue affects SeedProd Pro: from n/a before 6.19.5...
CVE-2026-48972
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SeedProd LLC SeedProd Pro allows PHP Local File Inclusion. This issue affects SeedProd Pro: from n/a before 6.19.5...
GHSA-36HH-X5P5-JGC8 @hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters
Impact The two parsers resolved duplicates inconsistently and silently: - Content.disposition retained the last occurrence of each parameter. - Content.type retained the first occurrence of charset and boundary. Either behavior creates a parameter-smuggling primitive when another component in the...
@hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters
Impact The two parsers resolved duplicates inconsistently and silently: - Content.disposition retained the last occurrence of each parameter. - Content.type retained the first occurrence of charset and boundary. Either behavior creates a parameter-smuggling primitive when another component in the...
PT-2026-43630
Impact The two parsers resolved duplicates inconsistently and silently: - Content.disposition retained the last occurrence of each parameter. - Content.type retained the first occurrence of charset and boundary. Either behavior creates a parameter-smuggling primitive when another component in the...
PT-2026-43974
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SeedProd LLC SeedProd Pro allows PHP Local File Inclusion. This issue affects SeedProd Pro: from n/a before 6.19.5...
PT-2026-44031
Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi...
Permissive Cross-domain Policy with Untrusted Domains
Overview Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the SSE event server process. An attacker can access sensitive live filename streams by opening a cross-origin EventSource connection from a third-party page, allowing unauthoriz...
CVE-2026-9455
A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote exploitation of the...
CVE-2026-39661 WordPress SW Core plugin <= 1.7.18 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Magentech SW Core allows PHP Local File Inclusion. This issue affects SW Core: from n/a through 1.7.18...
CVE-2026-39661
CVE-2026-39661 affects the WordPress SW Core plugin (versions ≤ 1.7.18). The issue is a PHP Local File Inclusion due to improper control of the filename used in include/require (the vulnerability aligns with a PHP Remote File Inclusion pattern). The CVSS metrics indicate NETWORK attack vector, HI...
CVE-2026-39661 WordPress SW Core plugin <= 1.7.18 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Magentech SW Core allows PHP Local File Inclusion. This issue affects SW Core: from n/a through 1.7.18...
EUVD-2026-31794
A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The attack may be performe...
EUVD-2026-31789
A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The...
CVE-2026-9531 Totolink CA750-PoE Setting cstecgi.cgi setUpgradeUboot os command injection
A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The...
CVE-2026-9531
CVE-2026-9531 details (Totolink CA750-PoE, firmware 6.2c.510) : The vulnerability affects the function setUpgradeUboot in the file /cgi-bin/cstecgi.cgi of the Setting Handler. Manipulating the argument FileName leads to an os command injection. The issue is exploitable remotely, and public exploi...
PT-2026-43206
Name of the Vulnerable Software and Affected Versions Magentech SW Core versions prior to 1.7.18 Description Improper Control of Filename for Include/Require Statement in PHP Program PHP Remote File Inclusion allows for PHP Local File Inclusion. This occurs when the application fails to properly...
TOTOLINK CA750-PoE 操作系统命令注入漏洞
TOTOLINK CA750-PoE is a wireless network access device produced by TOTOLINK Corporation. Version 6.2c.510 of TOTOLINK CA750-PoE contains a vulnerability related to operating system command injection. This vulnerability arises from improper handling of theFileName parameter in the setUpgradeUboot...
TOTOLINK CA750-PoE 操作系统命令注入漏洞
TOTOLINK CA750-PoE is a wireless network access device produced by TOTOLINK Corporation. Version 6.2c.510 of TOTOLINK CA750-PoE contains a vulnerability related to operating system command injection. This vulnerability arises from improper handling of theFileName parameter in the setUploadUserDat...