379 matches found
CVE-2026-40828
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to validate the rec-used field during the ntfs3 log replay file checking process. Thi...
CVE-2026-5176
A security flaw has been discovered in Totolink A3300R 17.0.0cu.557b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provided results in command injection. The attack may be initiated remotely. The exploit has been release...
CVE-2026-24987
Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through = 1.2.7...
CVE-2026-26795
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.getsystemlog function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
EUVD-2026-15606
Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through = 1.2.7...
CVE-2026-24987
Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through = 1.2.7...
CVE-2026-24987 WordPress WP System Log plugin <= 1.2.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through = 1.2.7...
CVE-2026-24987 WordPress WP System Log plugin <= 1.2.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through = 1.2.7...
CVE-2026-24987
CVE-2026-24987 is a Missing Authorization vulnerability in the WordPress Activity Log plugin (winterlock) family, affecting WP System Log versions up to 1.2.7, enabling unauthorized access to logs. CVSS 3.1 base 6.5 (I: High, A: None); exploitation status not detailed in provided documents; monit...
PT-2026-27876
Name of the Vulnerable Software and Affected Versions WP System Log versions through 1.2.7 Description An authorization issue exists in activity-log.com WP System Log winterlock. This allows exploitation of incorrectly configured access control security levels. Recommendations Update WP System Lo...
WordPress plugin WP System Log 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress WP System Log plugin <= 1.2.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by NumeX in WordPress Plugin WP System Log versions = 1.2.7...
EUVD-2026-11627
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.getsystemlog function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
CVE-2026-26795
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.getsystemlog function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
CVE-2026-26795
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.getsystemlog function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
CVE-2026-26795
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.getsystemlog function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
CVE-2026-26795
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.getsystemlog function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
PT-2026-25027
🔴 CVE-2026-26795 - Critical GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get system log function. This vulnerability allows attackers to e... https://t.co/NCxeIgOxEq https://t.co/P5rgFdajLA...
CVE-2026-26795
CVE-2026-26795 affects GL-iNet GL-AR300M16 running v4.3.11. The issue is a command injection via the module parameter in the M.get_system_log function, allowing execution of arbitrary commands. Impact is high (confidentiality, integrity, and availability), with network-based exploitation and no p...