CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/04/10 2:0 a.m.•6 views

EUVD-2026-21282

5.3CVSS5.5AI score0.00259EPSS

EUVD•added 2026/04/10 1:45 a.m.•5 views

EUVD-2026-21280

A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor...

Vulnrichment•added 2026/04/10 1:45 a.m.•3 views

CVE-2026-5999 JeecgBoot SysAnnouncementController improper authorization

Cvelist•added 2026/04/10 1:45 a.m.•30 views

CVE-2026-5999 JeecgBoot SysAnnouncementController improper authorization

6.5CVSS0.00209EPSS

CVE•added 2026/04/10 1:45 a.m.•5 views

CVE-2026-5999

CVE-2026-5999 affects JeecgBoot (up to version 3.9.1) and specifically the SysAnnouncementController. The issue is described as improper authorization in an unknown function of that component. It can be exploited remotely, with the exploit disclosed publicly and applicable to at least some deploy...

ATTACKERKB•added 2026/04/10 1:45 a.m.•3 views

CVE-2026-5999

ATTACKERKB•added 2026/04/10 1:30 a.m.•1 views

CVE-2026-5998

A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function dispatch of the file agent/memory/service.py of the component API Memory Content Endpoint. This manipulation of the argument filename causes path traversal. The attack can be initiated remotely. Th...

6.9CVSS5.6AI score0.00632EPSS

Exploits0References7Affected Software1

Cvelist•added 2026/04/10 1:30 a.m.•32 views

CVE-2026-5998 zhayujie chatgpt-on-wechat CowAgent API Memory Content Endpoint service.py dispatch path traversal

6.9CVSS0.00632EPSS

Exploits0References7

CVE•added 2026/04/10 1:30 a.m.•9 views

CVE-2026-5998

The CVE-2026-5998 vulnerability affects zhayujie chatgpt-on-wechat CowAgent (up to 2.0.4) in the API Memory Content Endpoint’s dispatch function (service.py). An attacker can manipulate the filename argument, enabling path traversal and remote exploitation. The issue has been publicly reported wi...

6.9CVSS5.6AI score0.00632EPSS

Exploits0References7

RedhatCVE•added 2026/04/10 1:22 a.m.•2 views

CVE-2026-5806

A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly a...

5.1CVSS4.2AI score0.0024EPSS

Exploits0References1

Vulnrichment•added 2026/04/10 1:15 a.m.•0 views

CVE-2026-5997 Totolink A7100RU CGI cstecgi.cgi setLoginPasswordCfg os command injection

A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass results in os command injection. It is possible to launch the atta...

10CVSS7AI score0.01803EPSS

CVE•added 2026/04/10 1:15 a.m.•11 views

CVE-2026-5997

CVE-2026-5997 affects Totolink A7100RU (firmware 7.4cu.2313_b20191024). The vulnerable element is the CGI handler function setLoginPasswordCfg in the file /cgi-bin/cstecgi.cgi . Manipulation of the argument admpass results in OS command injection , with remote execution possible. Public exploitat...

10CVSS7AI score0.01803EPSS

ATTACKERKB•added 2026/04/10 1:0 a.m.•6 views

CVE-2026-5996

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ttyserver leads to os command injection. It is possible to...

10CVSS6.9AI score0.01823EPSS

Exploits0References5Affected Software1

EUVD•added 2026/04/10 12:30 a.m.•6 views

EUVD-2026-21222

A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The...

9CVSS7.8AI score0.00676EPSS

Exploits1References6

EUVD•added 2026/04/10 12:30 a.m.•2 views

EUVD-2026-21239

A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used...

9CVSS7.8AI score0.00511EPSS

EUVD•added 2026/04/10 12:30 a.m.•6 views

EUVD-2026-21189

A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has...

9CVSS7.8AI score0.00715EPSS

Exploits1References6

EUVD•added 2026/04/10 12:30 a.m.•3 views

EUVD-2026-21244

A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be...

9CVSS7.8AI score0.00511EPSS

EUVD•added 2026/04/10 12:30 a.m.•2 views

EUVD-2026-21238

A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Performing a manipulation of the argument mitssid results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be...

9CVSS7.8AI score0.00511EPSS