CVE-2026-9144 Taiko AG1000-01A Rev 7.3/8 Stored XSS via Web Configuration Interface

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields...

CVE-2026-30695

A Cross-Site Scripting XSS vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...

CVE-2026-30695

A Cross-Site Scripting XSS vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...

CVE-2026-30695

A Cross-Site Scripting XSS vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...

CVE-2026-2152

A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file advrouting.php of the component Web Configuration Interface. Performing a manipulation of the argument destip/ submask/ gw results in os command injection. The attack may be initiated remotely. T...

CVE-2026-2152

A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file advrouting.php of the component Web Configuration Interface. Performing a manipulation of the argument destip/ submask/ gw results in os command injection. The attack may be initiated remotely. T...

CVE-2026-2152

A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file advrouting.php of the component Web Configuration Interface. Performing a manipulation of the argument destip/ submask/ gw results in os command injection. The attack may be initiated remotely. T...

CVE-2026-2152 D-Link DIR-615 Web Configuration adv_routing.php os command injection

A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file advrouting.php of the component Web Configuration Interface. Performing a manipulation of the argument destip/ submask/ gw results in os command injection. The attack may be initiated remotely. T...

PT-2026-6980

Name of the Vulnerable Software and Affected Versions D-Link DIR-615 version 4.10 Description A flaw exists within the Web Configuration Interface of the D-Link DIR-615, specifically in the adv routing.php file. Manipulation of the dest ip, submask, and gw arguments can lead to os command...

CVE-2025-15258

CVE-2025-15258 affects Edimax BR-6208AC (versions 1.02–1.03). The Web-based Configuration Interface’s formALGSetup handler at /goform/formALGSetup can be manipulated via the wlan-url argument to trigger an open redirect, with remote access and publicly available exploit evidence. Multiple sources...

CVE-2025-15258 Edimax BR-6208AC Web-based Configuration formALGSetup redirect

A weakness has been identified in Edimax BR-6208AC 1.02/1.03. Affected by this issue is the function formALGSetup of the file /goform/formALGSetup of the component Web-based Configuration Interface. This manipulation of the argument wlan-url causes open redirect. The attack is possible to be...

CVE-2025-15257 Edimax BR-6208AC Web-based Configuration formRoute command injection

A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument strIp/strMask/strGateway results in command injection. The...

EUVD-2020-5400

Malware in sbrugna...

EUVD-2003-1417

Malware in sbrugna...

CVE-2020-13124

SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system...

CVE-2025-22370

Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized...

CVE-2025-22370 Mennekes smart/premium charges systems, SQL Injection in web configuration interface

Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized...

CVE-2024-5684 ID Charger Connect & Pro - JWT-Null-Algorithm

An attacker with access to the private network the charger is connected to or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would...

Siemens SCALANCE X Authentication Bypass (CVE-2019-13933)

A vulnerability has been identified in SCALANCE X204RNA HSR, SCALANCE X204RNA PRP, SCALANCE X204RNA EEC HSR, SCALANCE X204RNA EEC PRP, SCALANCE X204RNA EEC PRP/HSR, SCALANCE X302-7 EEC 230V, SCALANCE X302-7 EEC 230V, coated, SCALANCE X302-7 EEC 24V, SCALANCE X302-7 EEC 24V, coated, SCALANCE X302-...

CVE-2022-30521

The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters...