CVE-2026-10125

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack can be...

Edimax BR-6675nD 安全漏洞

The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. A security vulnerability exists in the Edimax BR-6675nD version 1.12; this vulnerability stems from improper handling of the pptpUserName parameter in the POST Request Handler component...

CVE-2026-36227

Directory Traversal vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the UserName parameter...

CVE-2026-36227

CVE-2026-36227 affects Easy Chat Server 3.1, specifically the UserName parameter in the registration path, where insufficient sanitization enables directory traversal that can expose sensitive data and potentially allow code execution. The available connected materials include a proof-of-concept ...

EUVD-2026-31473

Directory Traversal vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the UserName parameter...

CVE-2026-36227

Directory Traversal vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the UserName parameter...

CVE-2026-8776

Edimax BR-6428NS v1.10 is affected by CVE-2026-8776 due to a buffer overflow in POST Request Handler’s formPPTPSetup (pptpUserName). The issue can be exploited remotely; public exploit exists and exploit maturity is PROOF-OF-CONCEPT. Vendor did not respond to disclosure. CVSS metrics indicate HIG...

PT-2026-38450

A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...

CVE-2026-36388

A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...

Edimax BR-6428nC 注入漏洞

The Edimax BR-6428nC is a multi-functional wireless broadband router produced by Edimax Corporation. Versions of Edimax BR-6428nC prior to 1.16 contained a vulnerability. This vulnerability stemmed from an unknown function in the component’s Web Interface, specifically the file/goform/setWAN, whi...

CVE-2026-6995

A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated...

CVE-2026-6995

A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated...

CVE-2026-6995

A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated...

BDCOM P3310D 跨站脚本漏洞

The BDCOM P3310D is an Ethernet switch device designed for access layer networks by the BDCOM company in China. The version BDCOM P3310D 0.4.2 10.1.0F Build 86345 contains a cross-site scripting vulnerability. This vulnerability stems from an unknown feature of the New User Page component’s...

CVE-2026-1945

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpbusername' and 'wpbuseremail' parameters in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2026-1945 WPBookit <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via 'wpb_user_name' and 'wpb_user_email' Parameters

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpbusername' and 'wpbuseremail' parameters in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2026-1945

The CVE-2026-1945 entry concerns the WPBookit WordPress plugin. A Stored Cross-Site Scripting (XSS) vulnerability affects the plugin via the wpb_user_name and wpb_user_email parameters in all versions up to and including 1.0.8, caused by insufficient input sanitization and output escaping. Exploi...

PT-2026-22858

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpb user name' and 'wpb user email' parameters in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

TOTOLINK A3002RU 缓冲区错误漏洞

TOTOLINK A3002RU is a wireless router product from TOTOLINK Corporation. The TOTOLINK A3002RU V2.1.1-B20211108.1455 version contains a buffer error vulnerability. This vulnerability stems from an overflow in the stack buffer of the vpnUser or vpnPassword parameters in the formFilter function, whi...

EUVD-2026-5805

A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/setddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is...