44 matches found

RedhatCVE
added 2026/03/26 3:14 p.m. · 3 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

8.8 CVSS · 6.2 AI score · 0.00453 EPSS
Exploits 1 · References 1

Vulnrichment
added 2026/03/19 9:45 p.m. · 3 views

CVE-2026-28282 Discourse vulnerable to group membership addition permission bypass via discourse-policy plugin

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a security flaw in the discourse-policy plugin which allowed a user with policy creation permission to gain membership access to any private/restricted groups. Once membership to a...

2.3 CVSS · 5.6 AI score · 0.00332 EPSS
Exploits 0 · References 4

EUVD
added 2026/03/12 6:30 p.m. · 5 views

EUVD-2026-11625

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

6 AI score · 0.00453 EPSS
Exploits 1 · References 2

NVD
added 2026/03/12 6:16 p.m. · 8 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

8.8 CVSS · 0.00453 EPSS
Exploits 1 · References 1

OSV
added 2026/03/12 6:16 p.m. · 4 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

8.8 CVSS · 6.1 AI score · 0.00453 EPSS
Exploits 1 · References 1

Vulnrichment
added 2026/03/12 12:0 a.m. · 4 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

6.1 AI score · 0.00453 EPSS
Exploits 1 · References 1

CVE
added 2026/03/12 12:0 a.m. · 12 views

CVE-2026-26794

CVE-2026-26794 affects GL-iNet GL-AR300M16 (v4.3.11). Connected sources specify a SQL injection via the add_group() function, enabling an attacker to perform arbitrary SQL operations through a crafted HTTP request. The CVSS 3.1 metrics in the initial entry indicate NETWORK access, HIGH impact on ...

8.8 CVSS · 6 AI score · 0.00453 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2026/03/12 12:0 a.m. · 27 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

0.00453 EPSS
Exploits 1 · References 1

ATTACKERKB
added 2026/03/12 12:0 a.m. · 2 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

6 AI score · 0.00453 EPSS
Exploits 1 · References 2

Positive Technologies
added 2026/03/12 12:0 a.m. · 5 views

PT-2026-25026

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add group function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

6 AI score · 0.00453 EPSS
Exploits 1 · References 4

CNNVD
added 2026/03/12 12:0 a.m. · 6 views

GL-iNet GL-AR300M16 Security Vulnerability

GL-iNet GL-AR300M16 is a portable mini router produced by the Chinese company GL-iNet. The version GL-iNet GL-AR300M16 v4.3.11 contains a security vulnerability. This vulnerability stems from an SQL injection vulnerability in the addgroup function, which may allow for the execution of arbitrary S...

8.8 CVSS · 6.1 AI score · 0.00453 EPSS
Exploits 1 · References 1

RedhatCVE
added 2026/01/09 9:52 a.m. · 6 views

CVE-2020-10395

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-group.php by adding a question mark (?) followed by the payload...

4.8 CVSS · 6.1 AI score · 0.00611 EPSS
Exploits 1 · References 1

Snyk
added 2025/09/04 11:46 a.m. · 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the dataGroupname parameter in the /apprain/admin/managegroup/add/ process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting crafted input that is improperly...

5.4 CVSS · 5.5 AI score · 0.00197 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/08/22 9:33 p.m. · 6 views

CVE-2025-9249

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function DHCPReserveAddGroup of the file /goform/DHCPReserveAddGroup. This manipulation of the argument...

9 CVSS · 7.3 AI score · 0.00866 EPSS
Exploits 1 · References 1

OSV
added 2025/08/20 9:15 p.m. · 2 views

CVE-2025-9249

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function DHCPReserveAddGroup of the file /goform/DHCPReserveAddGroup. This manipulation of the argument...

8.7 CVSS · 6.2 AI score · 0.00866 EPSS
Exploits 1 · References 5

Vulnrichment
added 2025/08/20 9:2 p.m. · 4 views

CVE-2025-9249 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 DHCPReserveAddGroup stack-based overflow

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function DHCPReserveAddGroup of the file /goform/DHCPReserveAddGroup. This manipulation of the argument...

9 CVSS · 7.2 AI score · 0.00866 EPSS
Exploits 1 · References 5

CVE
added 2025/08/20 9:2 p.m. · 22 views

CVE-2025-9249

Consolidated details: A stack-based buffer overflow in the DHCPReserveAddGroup function of /goform/DHCPReserveAddGroup affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 series. Affected versions include 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, and 1.2.07.001 across the listed mode...

9 CVSS · 7.2 AI score · 0.00866 EPSS
Exploits 1 · References 5 · Affected Software 1

CNNVD
added 2025/08/20 12:0 a.m. · 2 views

Linksys Multiple Products Security Vulnerability

Linksys RE6300 and others are products of Linksys, Inc. Linksys RE6300 is a wireless network signal extender. Linksys RE6250 is a wireless extender. Linksys RE6350 is a wireless extender. Linksys RE6350 is a wireless...

9 CVSS · 7.2 AI score · 0.00866 EPSS
Exploits 1 · References 6

Positive Technologies
added 2025/08/20 12:0 a.m. · 7 views

PT-2025-34159 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250 version 1.0.013.001; Linksys RE6250 version 1.0.04.001; Linksys RE6250 version 1.0.04.002; Linksys RE6250 version 1.1.05.003; Linksys RE6250 version 1.2.07.001; Linksys RE6300 version 1.0.013.001; Linksys RE6300 version 1.0.04.001...

9 CVSS · 8.9 AI score · 0.00866 EPSS
Exploits 1 · References 9

RedhatCVE
added 2025/05/23 9:35 a.m. · 10 views

CVE-2024-22593

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/addgroupsave...

8.8 CVSS · 8.8 AI score · 0.00324 EPSS
Exploits 1 · References 1