Lucene search
K

409 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.10 views

RHEL 10 : tomcat (RHSA-2026:18537)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18537 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat:...

9.6CVSS6AI score0.09917EPSS
Exploits1References10
Snyk
Snyk
added 2026/05/13 3:29 p.m.7 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the handling of internal service references by the Gateway API provider. An attacker can gain unauthorized dynamic configuration write access by creating or updating an HTTPRoute that targets rest@internal, even...

9.9CVSS5.5AI score0.00468EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/11 12:32 p.m.13 views

EUVD-2025-209759

The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x...

6.3CVSS5.8AI score0.00174EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 9:37 a.m.10 views

CVE-2025-8325 Improper Access Control via Gateway API in Multiple WSO2 Products Allows Unauthorized Operations

The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x...

6.3CVSS5.8AI score0.00174EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 5:16 a.m.16 views

CVE-2026-8271

A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgispeed/cgidhcpdlease/cgiddns/cgisetip/cgiupnpdel/cgidhcpd/cgiupnpadd/cgiupnpedit of the file /cgi-bin/networkmgr.cgi. The manipulation leads to os command injection. The attack is possible to be carri...

7.2CVSS0.04637EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/05/10 4:0 a.m.58 views

CVE-2026-8228 Wavlink NU516U1 wireless.cgi advance os command injection

A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of the argument wlanconf/Channel/skiplist/ieee80211h leads to os command injection. The attack may be launched remotely. The exploit has been...

6.5CVSS0.04807EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless printing server developed by Wavlink Corporation. The Wavlink NU516U1 240425 version has a command injection vulnerability. This vulnerability stems from the operation of the WifiBasic function in the file/cgi-bin/wireless.cgi regarding the parameters...

8.8CVSS6.7AI score0.04944EPSS
Exploits1References1
SUSE Linux
SUSE Linux
added 2026/05/07 7:0 a.m.12 views

Security update for python-Django

This update for python-Django fixes the following issues CVE-2026-3902: headers spoofing by exploiting an ambiguous mapping of two header variants in ASGIRequest requests bsc1261729. CVE-2026-4277: permissions on inline model instances were not validated on submission of forged POST data in...

6.9CVSS5.8AI score0.00879EPSS
Exploits1References32
NVD
NVD
added 2026/05/06 3:16 p.m.12 views

CVE-2025-52613

HCL BigFix Service Management SM is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access...

8.8CVSS0.00234EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:15 p.m.3 views

CVE-2026-7857

A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /usergroup.asp of the component CGI Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and m...

8.6CVSS7.3AI score0.04164EPSS
Exploits1References5Affected Software1
UbuntuCve
UbuntuCve
added 2026/05/05 2:0 p.m.7 views

CVE-2026-5766

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

6.3CVSS5.7AI score0.00423EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/01 1:30 a.m.43 views

CVE-2026-7538 Totolink A8000RU CGI cstecgi.cgi vulnerability os command injection

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...

10CVSS0.01823EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.13 views

TOTOLINK A8000RU 命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from an unknown function in the CGI Handler component file /cgi-bin/cstecgi.cgi, which manipulates th...

10CVSS7.3AI score0.01823EPSS
Exploits0References1
CVE
CVE
added 2026/04/28 8:45 a.m.26 views

CVE-2026-7248

CVE-2026-7248 affects D-Link DI-8100 (firmware 16.07.26A1). The CGI Endpoint tgfile.htm component function tgfile_htm is vulnerable: manipulating the fn argument triggers a buffer overflow. The issue is remotely exploitable and an exploit has been publicized. No remediation details are provided i...

10CVSS9.1AI score0.02154EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/04/28 8:15 a.m.15 views

CVE-2026-7244

The CVE concerns Totolink A8000RU (firmware 7.1cu.643_b20200521). Affects CGI Handler: function setWiFiEasyGuestCfg in /cgi-bin/cstecgi.cgi. The vulnerability arises from improper handling of the merge argument, enabling os command injection. Remote exploitation is possible, and public exploits e...

10CVSS8.3AI score0.02421EPSS
Exploits0References5
CVE
CVE
added 2026/04/28 7:30 a.m.17 views

CVE-2026-7241

The CVE-2026-7241 issue affects Totolink A8000RU (firmware 7.1cu.643_b20200521) in the CGI Handler’s file /cgi-bin/cstecgi.cgi, specifically the setWiFiBasicCfg function. A manipulation of the wifiOff argument enables OS command injection, with remote feasibility and public-exploit availability. ...

10CVSS8.1AI score0.02448EPSS
Exploits0References5
NVD
NVD
added 2026/04/28 1:16 a.m.9 views

CVE-2026-7203

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely...

10CVSS0.02448EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/28 12:15 a.m.6 views

EUVD-2026-25961

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The...

10CVSS8.3AI score0.02448EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/28 12:0 a.m.4 views

CVE-2026-7203

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely...

10CVSS8.2AI score0.02448EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.12 views

PT-2026-35572

A vulnerability was found in Totolink A8000RU 7.1cu.643 b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely...

10CVSS5.2AI score0.02448EPSS
Exploits0References10
Rows per page
Query Builder