Lucene search

8 matches found

Cvelist
added 2026/04/10 5:45 a.m., 23 views

CVE-2026-6026 Totolink A7100RU CGI cstecgi.cgi setPortalConfWeChat OS command injection

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument enable results in OS command injection. The attack can ...

CVSS 10 | EPSS 0.02981
Exploits: 0 | References: 5
Positive Technologies
added 2025/12/17 12:0 a.m., 5 views

PT-2025-51973

Name of the Vulnerable Software and Affected Versions: Open OnDemand versions prior to 4.1. Description: Open OnDemand provides remote web access to supercomputers. The Apache proxy in versions 4.0.8 and earlier allows sensitive headers to be passed to origin servers. This could allow malicious user...

CVSS 7.6 | AI score 6.5 | EPSS 0.00168
Exploits: 0 | References: 5
ATTACKERKB
added 2023/12/28 4:15 a.m., 2 views

CVE-2023-49230

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication...

CVSS 8.8 | AI score 5.8 | EPSS 0.0205
Exploits: 1 | References: 4
OSV
added 2022/02/10 6:15 p.m., 4 views

CVE-2022-0018

An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. This product...

CVSS 6.5 | AI score 6.7 | EPSS 0.00734
Exploits: 0 | References: 1
Prion
added 2021/08/03 7:15 p.m., 12 views

Default configuration

Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulted to true...

CVSS 5 | AI score 7.6 | EPSS 0.01422
Exploits: 0 | References: 2 | Affected Software: 2
NVD
added 2014/11/26 2:59 a.m., 20 views

CVE-2014-6196

Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere...

CVSS 4.3 | AI score 5.6 | EPSS 0.01357
Exploits: 0 | References: 8
Prion
added 2014/11/26 2:59 a.m., 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere...

CVSS 4.3 | AI score 6 | EPSS 0.01357
Exploits: 0 | References: 8 | Affected Software: 1
Cvelist
added 2014/11/26 2:0 a.m., 20 views

CVE-2014-6196

Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSphere...

AI score 5.6 | EPSS 0.01357
Exploits: 0 | References: 8