Tenda F453 安全漏洞

The Tenda F453 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.3 of the Tenda F453 contains a security vulnerability. This vulnerability stems from incorrect handling of the parameter “qos” in the function “fromqossetting” within the file/goform/qossetting, which may lea...

CVE-2026-3168

CVE-2026-3168 affects Tenda F453 version 1.0.0.3. The flaw is in the httpd component’s fromNatStaticSetting function (file /goform/NatStaticSetting). Manipulating the argument page can cause a buffer overflow. The issue may be exploitable remotely and public exploits exist. CVSS-derived metrics i...

EUVD-2023-37713

Malicious code in bioql PyPI...

EUVD-2025-26160

Malicious code in bioql PyPI...

Apartment Management System bill_setup.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter txtBillType in the file /setting/billsetup.php. An attacker can exploi...

CVE-2024-53946

The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery CSRF on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection vulnerability in...

CVE-2024-41630

Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fastsettingwifiset...

CVE-2024-7172

A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. Affected by this vulnerability is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument httphost leads to buffer overflow. The attack can be...

Tenda AX12 操作系统命令注入漏洞

Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from Tenda, China. An operating system command injection vulnerability exists in Tenda AX12 version V22.03.01.16cn, which originates from a command injection vulnerability via goform/fastsettinginternetset...

CVE-2022-37078

TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg...

CVE-2022-28913

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting...

TOTOLINK N600R 操作系统命令注入漏洞

TOTOLINK N600R is a wireless router from Taiwan-based TOTOLINK, which is vulnerable to a command injection attack via the filename parameter in /setting/setUpgradeFW...

Pixelimity 跨站脚本漏洞

Pixelimity is an open source PHP-based CMS Content Management System. A security vulnerability exists in Pixelimity 1.0 that originates from cross-site scripting via the site description field in pixelimity/admin/setting.php...