19 matches found

RedhatCVE
added 2026/06/05 7:34 p.m. | 5 views

CVE-2026-1924

The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing nonce verification on the ahscajaxresetoptions function. This makes it possible for unauthenticated attackers to reset all plugin settings t...

CVSS 4.3 | AI score 5.4 | EPSS 0.00181
Exploits: 0 | References: 1

Cvelist
added 2026/05/16 2:26 a.m. | 42 views

CVE-2026-8681 Essential Chat Support <= 1.0.1 - Missing Authorization to Unauthenticated Settings Reset via 'ecs_reset_settings' Parameter

The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to reset all...

CVSS 5.3 | EPSS 0.00319
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/22 7:45 a.m. | 3 views

CVE-2026-4133

The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.7. This is due to missing nonce validation in the imTextP2POptionPage function which processes settings updates. The form at line 314 does not include a wpnoncefield,...

CVSS 4.3 | AI score 5.7 | EPSS 0.00156
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-31379

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.01877
Exploits: 1 | References: 2

RedhatCVE
added 2025/09/27 12:48 a.m. | 10 views

CVE-2025-55847

Wavlink M86X3AV240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit this to execute arbitrary code or cause a denial of service D...

CVSS 8.8 | AI score 8 | EPSS 0.01877
Exploits: 1 | References: 1

OSV
added 2025/09/26 6:15 p.m. | 2 views

CVE-2025-55847

Wavlink M86X3AV240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit this to execute arbitrary code or cause a denial of service D...

CVSS 8.8 | AI score 6.4 | EPSS 0.01877
Exploits: 1 | References: 1

NVD
added 2025/09/26 6:15 p.m. | 3 views

CVE-2025-55847

Wavlink M86X3AV240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit this to execute arbitrary code or cause a denial of service D...

CVSS 8.8 | EPSS 0.01877
Exploits: 1 | References: 1

CNNVD
added 2025/09/26 12:0 a.m. | 1 views

Wavlink M86X3A_V240730 security vulnerability

Wavlink M86X3AV240730 is a device firmware from China Ruiyin Wavlink. A security vulnerability exists in Wavlink M86X3AV240730, which originates from a cookie parameter in the /cgi-bin/ExportAllSettings.cgi file that does not correctly validate the length of the input data, which could result in...

CVSS 8.8 | AI score 7.3 | EPSS 0.01877
Exploits: 1 | References: 1

Cvelist
added 2025/09/26 12:0 a.m. | 6 views

CVE-2025-55847

Wavlink M86X3AV240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit this to execute arbitrary code or cause a denial of service D...

EPSS 0.01877
Exploits: 1 | References: 1

Positive Technologies
added 2025/09/26 12:0 a.m. | 2 views

PT-2025-39670

Name of the Vulnerable Software and Affected Versions: Wavlink M86X3A V240730 (affected versions not specified). Description: The software contains a buffer overflow issue in the /cgi-bin/ExportAllSettings.cgi file. The problem is due to insufficient validation of the length of input data received...

CVSS 8.8 | AI score 7.6 | EPSS 0.01877
Exploits: 1 | References: 5

CVE
added 2025/09/26 12:0 a.m. | 14 views

CVE-2025-55847

The CVE-2025-55847 entry concerns Wavlink M86X3A_V240730. The vulnerability is a buffer overflow in the /cgi-bin/ExportAllSettings.cgi endpoint caused by improper validation of the length of data passed via the Cookie parameter. The issue can allow attackers to execute arbitrary code or cause a d...

CVSS 8.8 | AI score 7.7 | EPSS 0.01877
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2022/07/20 5:15 p.m. | 2 views

CVE-2022-34045

Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etcro/lighttpd/www/cgi-bin/ExportAllSettings.sh...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 1

Positive Technologies
added 2022/07/20 12:0 a.m. | 5 views

PT-2022-21982

Name of the Vulnerable Software and Affected Versions: Wavlink WN530HG4 version M30HG4.V5030.191116. Description: A hardcoded encryption/decryption key was found in the configuration files of the affected device, specifically at the /etc ro/lighttpd/www/cgi-bin/ExportAllSettings.sh location. This...

CVSS 9.8 | AI score 6.4 | EPSS 0.0232
Exploits: 1 | References: 5

ATTACKERKB
added 2022/06/14 2:15 p.m. | 2 views

CVE-2022-31847

A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request...

CVSS 7.5 | AI score 5.4 | EPSS 0.05482
Exploits: 1 | References: 3

OSV
added 2022/06/14 2:15 p.m. | 2 views

CVE-2022-31847

A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request...

CVSS 7.5 | AI score 5.8 | EPSS 0.05482
Exploits: 1 | References: 1

CNNVD
added 2022/06/14 12:0 a.m. | 3 views

WAVLINK WN579 X3 security vulnerability

The WAVLINK WN579 X3 is a wireless router from the Chinese company WAVLINK. An information disclosure vulnerability exists in WAVLINK WN579 X3 M79X3.V5030.180719 version, which originates from improper authorization management in /cgi-bin/ExportAllSettings.sh. An attacker can exploit this...

CVSS 7.5 | AI score 5.7 | EPSS 0.05482
Exploits: 1 | References: 2

OSV
added 2020/10/02 9:15 a.m. | 2 views

CVE-2020-12127

An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication...

CVSS 7.5 | AI score 5.8 | EPSS 0.06443
Exploits: 0 | References: 2

OSV
added 2020/05/07 6:15 p.m. | 3 views

CVE-2020-10973

An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacke...

CVSS 7.5 | AI score 7.2 | EPSS 0.07759
Exploits: 0 | References: 4

OSV
added 2019/12/26 3:15 a.m. | 4 views

CVE-2019-19981

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings...

CVSS 5.4 | AI score 6.2 | EPSS 0.00557
Exploits: 1 | References: 2