CVE-2026-6028 Totolink A7100RU CGI cstecgi.cgi setPptpServerCfg os command injection

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely...

CVE-2026-6027

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack can be launched...

CVE-2026-6025 Totolink A7100RU CGI cstecgi.cgi setSyslogCfg os command injection

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The...

CVE-2026-6025

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The...

CVE-2026-6025

CVE-2026-6025 affects Totolink A7100RU (firmware 7.4cu.2313_b20191024). The vulnerability resides in the CGI handler function setSyslogCfg within /cgi-bin/cstecgi.cgi , where improper handling of the input argument enables OS command injection . The issue can be triggered remotely over the networ...

CVE-2026-6013

A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack may be performed from remote. The explo...

CVE-2026-6014

A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remotely. The exploit...

CVE-2026-6024 Tenda i6 HTTP R7WebsSecurityHandlerfunction path traversal

A vulnerability was determined in Tenda i6 1.0.0.72204. Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be...

CVE-2026-6024 Tenda i6 HTTP R7WebsSecurityHandlerfunction path traversal

A vulnerability was determined in Tenda i6 1.0.0.72204. Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be...

CVE-2026-6024

Affected product : Tenda i6 1.0.0.7(2204). Component : HTTP Handler, function R7WebsSecurityHandlerfunction . Vulnerability : path traversal caused by manipulation in R7WebsSecurityHandlerfunction, enabling remote exploitation. Impact/Details : remote attacker could initiate the attack over netwo...

CVE-2026-6016

CVE-2026-6016 affects Tenda AC9 15.03.02.13. The vulnerability exists in the decodePwd function of /goform/WizardHandle within the POST Request Handler. Adversaries can trigger a stack-based buffer overflow by manipulating the WANS argument, with the attackable surface exposed remotely. Public ex...

CVE-2026-6016

A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based buffer overflow. The attack can be initiated remotely. T...

CVE-2026-6015 Tenda AC9 POST Request QuickIndex formQuickIndex stack-based overflow

A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely...

CVE-2026-6015

A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely...

CVE-2026-6015

This CVE concerns the Tenda AC9 device (firmware version 15.03.02.13). The vulnerability affects the function formQuickIndex in the file /goform/QuickIndex of the POST Request Handler. The issue arises from manipulation of the PPPOEPassword argument, causing a stack-based buffer overflow. An atta...

CVE-2026-6007

A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /del.php. The manipulation of the argument equipname results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVE-2026-6005

A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematologyprint.php. Executing a manipulation of the argument hemid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-6013 D-Link DIR-513 POST Request formSetRoute buffer overflow

A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack may be performed from remote. The explo...

CVE-2026-6013

The CVE-2026-6013 entry describes a buffer overflow in D-Link DIR-513 v1.10 affecting the POST Request Handler’s formSetRoute (/goform/formSetRoute). The vulnerable function mishandles the curTime argument, enabling a remote attacker to trigger a buffer overflow. Exploitation is described as publ...

CVE-2026-6012 D-Link DIR-513 POST Request formSetPassword buffer overflow

A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out...