CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/25 7:0 a.m.•6 views

CVE-2026-9436

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be...

10CVSS7AI score0.01317EPSS

Exploits0References6Affected Software1

ATTACKERKB•added 2026/05/25 6:45 a.m.•5 views

CVE-2026-9435

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation of...

10CVSS7.1AI score0.01254EPSS

Exploits0References5Affected Software1

EUVD•added 2026/05/25 6:30 a.m.•13 views

EUVD-2026-31640

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument wscDisabled leads to os command injection. The attack may be...

10CVSS5.6AI score0.01254EPSS

CVE•added 2026/05/25 6:15 a.m.•15 views

CVE-2026-9433

Totolink A8000RU Web Management (cstecgi.cgi, setMacFilterRules) is affected. The vulnerability allows os command injection via the enable argument in /cgi-bin/cstecgi.cgi, remotely exploitable on Totolink A8000RU 7.1cu.643_b20200521 Web Management Interface. CVSS metrics indicate critical impact...

ATTACKERKB•added 2026/05/25 6:0 a.m.•5 views

CVE-2026-9432

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument bgProtection results in os command injection. The...

Exploits0References5Affected Software1

EUVD•added 2026/05/25 6:0 a.m.•6 views

EUVD-2026-31637

10CVSS5.6AI score0.01254EPSS

Vulnrichment•added 2026/05/25 6:0 a.m.•6 views

CVE-2026-9432 Totolink A8000RU Web Management cstecgi.cgi setWiFiAdvancedCfg os command injection

Cvelist•added 2026/05/25 6:0 a.m.•31 views

CVE-2026-9432 Totolink A8000RU Web Management cstecgi.cgi setWiFiAdvancedCfg os command injection

10CVSS0.01254EPSS

CVE•added 2026/05/25 6:0 a.m.•17 views

CVE-2026-9432

The vulnerability CVE-2026-9432 affects Totolink A8000RU Web Management, specifically the /cgi-bin/cstecgi.cgi function setWiFiAdvancedCfg. The issue stems from manipulating the bgProtection argument, enabling OS command injection. Impact is remote, with high confidentiality, integrity, and avail...

NVD•added 2026/05/25 5:16 a.m.•8 views

CVE-2026-9424

A weakness has been identified in Edimax EW-7438RPn 1.31. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component Content-Type Handler. Executing a manipulation of the argument...

6.5CVSS0.01409EPSS

NVD•added 2026/05/25 5:16 a.m.•8 views

CVE-2026-9423

A security flaw has been discovered in Edimax BR-6675nD 1.12. Impacted is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. The exploit has been releas...

5.8CVSS0.00324EPSS

Nuclei•added 2026/05/25 4:37 a.m.•63 views

Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution

Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution. id: CVE-2021-40539 info: name: Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution author:...

9.8CVSS7.8AI score0.94424EPSS

Exploits8References5

Nuclei•added 2026/05/25 4:37 a.m.•38 views

vBulletin 5.0.0-5.5.4 - Remote Command Execution

vBulletin 5.0.0 through 5.5.4 is susceptible to a remote command execution vulnerability via the widgetConfig parameter in an ajax/render/widgetphp routestring request. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system...

9.8CVSS7.7AI score0.9443EPSS

Exploits27References5

Nuclei•added 2026/05/25 4:37 a.m.•204 views

Oracle WebLogic Server - Remote Command Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. id: CVE-2019-2725 info: name: Oracle WebLogic...

9.8CVSS7.3AI score0.94468EPSS

Exploits35References5

Nuclei•added 2026/05/25 4:37 a.m.•12 views

WS_FTP Server - Insecure Deserialization

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WSFTP Server operating system. id: CVE-2023-40044 info: name: WSFTP Server - Insecure...

10CVSS7.6AI score0.94436EPSS

Exploits5References5

Nuclei•added 2026/05/25 4:37 a.m.•43 views

Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware Web Services versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic...

7.4CVSS7.4AI score0.94412EPSS

Exploits9References5

EUVD•added 2026/05/25 4:0 a.m.•9 views

EUVD-2026-31628

6.5CVSS6.3AI score0.01409EPSS