CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1596 matches found

NVD•added 2026/01/08 11:15 p.m.•3 views

CVE-2026-0731

A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been...

7.5CVSS0.00154EPSS

Exploits1References6

OSV•added 2026/01/08 11:15 p.m.•2 views

CVE-2026-0731

7.5CVSS5.3AI score0.00154EPSS

Exploits1References6

Vulnrichment•added 2026/01/08 11:2 p.m.•2 views

CVE-2026-0731 TOTOLINK WA1200 HTTP Request cstecgi.cgi null pointer dereference

6.9CVSS6.5AI score0.00154EPSS

Exploits1References6

Cvelist•added 2026/01/08 11:2 p.m.•21 views

CVE-2026-0731 TOTOLINK WA1200 HTTP Request cstecgi.cgi null pointer dereference

6.9CVSS0.00154EPSS

Exploits1References6

RedhatCVE•added 2026/01/07 9:18 a.m.•5 views

CVE-2025-1357

A vulnerability classified as problematic has been found in Seventh D-Guard up to 20250206. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

5.3CVSS6.7AI score0.00182EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:8 a.m.•4 views

CVE-2024-2909

A vulnerability classified as critical was found in Ruijie RG-EG350 up to 20240318. Affected by this vulnerability is the function setAction of the file /itboxpi/networksafe.php?a=set of the component HTTP POST Request Handler. The manipulation of the argument bandwidth leads to os command...

9CVSS9.1AI score0.03457EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:8 a.m.•3 views

CVE-2024-2271

A vulnerability classified as critical has been found in keerti1924 Online-Book-Store-Website 1.0. This affects an unknown part of the file /shop.php of the component HTTP POST Request Handler. The manipulation of the argument productname leads to sql injection. It is possible to initiate the...

9.8CVSS7.3AI score0.00064EPSS

Exploits0References1

Vulnrichment•added 2026/01/05 3:32 a.m.•3 views

CVE-2025-15455 bg5sbk MiniCMS File Recovery Request page.php delete_page improper authentication

A flaw has been found in bg5sbk MiniCMS up to 1.8. Impacted is the function deletepage of the file /minicms/mc-admin/page.php of the component File Recovery Request Handler. This manipulation causes improper authentication. The attack is possible to be carried out remotely. The exploit has been...

6.9CVSS6.2AI score0.00048EPSS

Exploits1References4

Positive Technologies•added 2026/01/04 12:0 a.m.•4 views

PT-2026-1184

Name of the Vulnerable Software and Affected Versions yeqifu warehouse affected versions not specified Description A weakness exists that leads to improper authorization. The issue affects the saveUserRole function within the file warehousesrcmainjavacomyeqifusyscontrollerUserController.java of t...

6.5CVSS6.4AI score0.00031EPSS

Exploits1References10

RedhatCVE•added 2026/01/01 5:33 p.m.•5 views

CVE-2025-15391

A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgimain of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. This...

6.5CVSS7AI score0.00081EPSS

Exploits1References1

CVE•added 2025/12/31 5:32 p.m.•7 views

CVE-2025-15391

CVE-2025-15391 affects D-Link DIR-806A 100CNb11. The issue stems from the SSDP Request Handler’s ssdpcgi_main function, which fails to properly filter constructed command characters, enabling remote arbitrary command execution via command injection. Multiple connected sources corroborate a remote...

9.8CVSS6.6AI score0.00081EPSS

Exploits1References5Affected Software1

EUVD•added 2025/12/31 5:32 p.m.•2 views

EUVD-2025-205988

6.5CVSS6.6AI score0.00081EPSS

Exploits1References7

Cvelist•added 2025/12/31 5:32 p.m.•20 views

CVE-2025-15391 D-Link DIR-806A SSDP Request ssdpcgi_main command injection

6.5CVSS0.00081EPSS

Exploits1References5

Vulnrichment•added 2025/12/31 5:32 p.m.•3 views

CVE-2025-15391 D-Link DIR-806A SSDP Request ssdpcgi_main command injection

6.5CVSS6.8AI score0.00081EPSS

Exploits1References5

RedhatCVE•added 2025/12/31 11:5 a.m.•5 views

CVE-2025-15244

A vulnerability has been found in PHPEMS up to 11.0. This impacts an unknown function of the component Purchase Request Handler. The manipulation leads to race condition. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is said to be...

6.3CVSS6.2AI score0.00118EPSS

Exploits1References1

RedhatCVE•added 2025/12/31 2:13 a.m.•4 views

CVE-2025-15215

A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack...

9CVSS7.3AI score0.00177EPSS

Exploits1References1

Positive Technologies•added 2025/12/31 12:0 a.m.•3 views

PT-2025-54411

A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgi main of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. This...

6.5CVSS7AI score0.00081EPSS

Exploits1References6

OSV•added 2025/12/30 11:15 a.m.•2 views

CVE-2025-15244

6.3CVSS5.1AI score

Exploits0References4

NVD•added 2025/12/30 11:15 a.m.•4 views

CVE-2025-15244

6.3CVSS0.00118EPSS

Exploits1References4

Cvelist•added 2025/12/30 10:32 a.m.•23 views

CVE-2025-15244 PHPEMS Purchase Request race condition