CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 5 days ago•9 views

CVE-2026-12808

The CVE-2026-12808 entry concerns Edimax BR-6478AC V2 (firmware 1.23) with an issue in the POST Request Handler’s /goform/stainfo function, specifically the stainfo interface argument manipulation that enables command injection. The vulnerability is exploitable remotely, with public disclosure of...

Cvelist•added 5 days ago•17 views

CVE-2026-12807 Edimax BR-6478AC V2 POST Request setWAN command injection

A vulnerability was found in Edimax BR-6478AC V2 1.23. This affects the function setWAN of the file /goform/setWAN of the component POST Request Handler. The manipulation of the argument pppUserName/pptpUserName/L2TPUserName results in command injection. It is possible to launch the attack...

6.5CVSS0.01182EPSS

EUVD•added 5 days ago•8 views

EUVD-2026-38193

ATTACKERKB•added 5 days ago•6 views

CVE-2026-12807

Exploits0References5Affected Software1

CVE•added 5 days ago•14 views

CVE-2026-12807

The CVE affects Edimax BR-6478AC V2, version 1.23, where the vulnerable component is the POST Request Handler function setWAN (file /goform/setWAN). Maliciously crafted values for pppUserName, pptpUserName, or L2TPUserName enable command injection, allowing a remote attacker to execute commands. ...

IBM Security Bulletins•added 5 days ago•3 views

Security Bulletin: Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection

Summary Langflow OSS contains unauthenticated RCE vulnerability in PythonREPLComponent "Python Interpreter". Component's getglobals builds restricted globals dict from globalimports whitelist default: "math" but never sets globals"builtins" = . CPython's exec automatically inserts full builtins...

10CVSS6.4AI score0.00529EPSS

Exploits0Affected Software1

NVD•added 5 days ago•8 views

CVE-2026-56383

Craft CMS contains a stored cross-site scripting XSS vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account with allowAdminChanges...

4.8CVSS0.00177EPSS

Exploits0References3

ATTACKERKB•added 5 days ago•6 views

CVE-2026-56395

SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package...

9.6CVSS6.7AI score0.00391EPSS

Exploits0References3

EUVD•added 5 days ago•6 views

EUVD-2026-38175

Craft CMS from version 5.0.0-RC1 contains a stored cross-site scripting vulnerability in the User Permissions page where user group names are rendered without proper HTML escaping. Attackers with admin access can inject arbitrary JavaScript via the user group name field that executes when other...

4.8CVSS5.8AI score0.00148EPSS

Exploits0References2

NVD•added 5 days ago•10 views

CVE-2026-12789

A vulnerability was identified in ILIAS Learning Management System 11.0. This issue affects the function ilTrQuery::executeQueries of the file components/ILIAS/Tracking/classes/class.ilTrQuery.php of the component Learning Progress Tracking. Such manipulation of the argument trouptablenav leads t...

5.8CVSS0.00206EPSS

EUVD•added 5 days ago•9 views

EUVD-2026-38153

5.8CVSS5.7AI score0.00206EPSS

CVE•added 5 days ago•18 views

CVE-2026-12789

The CVE concerns ILIAS Learning Management System 11.0. The vulnerability affects the function ilTrQuery::executeQueries (file: components/ILIAS/Tracking/classes/class.ilTrQuery.php) in the Learning Progress Tracking component. The issue arises from manipulation of the troup_table_nav argument, l...

5.8CVSS5.7AI score0.00206EPSS

Cvelist•added 5 days ago•34 views

CVE-2026-12789 ILIAS Learning Management System Learning Progress Tracking class.ilTrQuery.php executeQueries sql injection

5.8CVSS0.00206EPSS

NVD•added 5 days ago•8 views

CVE-2026-12776

A flaw has been found in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. This affects an unknown part of the file /index.php?page=houses. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has...

6.5CVSS0.00192EPSS

CVE•added 5 days ago•17 views

CVE-2026-12776

Montodel House-Rental-Management is affected by an SQL injection in /index.php?page=houses triggered by manipulating the ID parameter. The flaw affects the application as a whole with a remote-access exploit published and the vendor pursuing a rolling-release strategy, making exact affected versi...

6.5CVSS6.3AI score0.00192EPSS

Cvelist•added 5 days ago•29 views

CVE-2026-12776 Montodel House-Rental-Management index.php houses sql injection

6.5CVSS0.00192EPSS

EUVD•added 5 days ago•8 views

EUVD-2026-38142

6.5CVSS5.6AI score0.00192EPSS

CVE•added 5 days ago•14 views

CVE-2026-12775

CVE-2026-12775 affects Montodel House-Rental-Management, with the vulnerability in the /login.php script. The issue arises from manipulating the Username argument, which leads to an SQL injection. Attacks can be conducted remotely, and public exploitation is indicated. The affected software uses ...

7.5CVSS6.9AI score0.00259EPSS

EUVD•added 5 days ago•8 views

EUVD-2026-38141

A vulnerability was detected in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. Th...

7.5CVSS5.7AI score0.00259EPSS