CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/04/07 12:28 p.m.•2 views

EEF-CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)

Summary Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access control...

8.3CVSS5.8AI score0.00036EPSS

Debian CVE•added 2026/04/07 12:28 p.m.•7 views

CVE-2026-28808

9.8CVSS5.3AI score0.00036EPSS

Vulnrichment•added 2026/04/07 12:28 p.m.•2 views

CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)

8.3CVSS5.9AI score0.00036EPSS

CVE•added 2026/04/07 12:28 p.m.•7 views

CVE-2026-28808

CVE-2026-28808 is an incorrect authorization vulnerability in Erlang OTP (inets modules). The root cause is a script_alias path mismatch where mod_auth checks DocumentRoot-relative paths while mod_cgi executes ScriptAlias-resolved paths, allowing unauthenticated access to CGI scripts protected by...

9.8CVSS5.9AI score0.00036EPSS

Exploits0References6Affected Software2

EUVD•added 2026/04/07 12:28 p.m.•10 views

EUVD-2026-19602

8.3CVSS5.9AI score0.00036EPSS

EUVD•added 2026/04/07 12:30 a.m.•1 views

EUVD-2026-19547

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit has been disclosed...

7.5CVSS6.8AI score0.01153EPSS

Positive Technologies•added 2026/04/07 12:0 a.m.•3 views

PT-2026-30814

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.4.2, 26.2.5.19, and 27.3.4.10 Description An incorrect authorization issue exists in Erlang OTP inets modules that allows unauthenticated access to CGI scripts protected by directory rules when served via...

9.8CVSS5.7AI score0.00036EPSS

Exploits0References37

CNVD•added 2026/04/07 12:0 a.m.•1 views

Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18410)

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/snat.cgi, and can be exploited by an attacker to inject malicious JavaScri...

6.4CVSS5AI score0.00034EPSS

CNVD•added 2026/04/07 12:0 a.m.•5 views

Endian Firewall DATE Parameter OS Command Injection Vulnerability

Endian Firewall is a network security firewall system from Endian. An operating system command injection vulnerability exists in the Endian Firewall DATE parameter, which stems from incomplete regular expression validation of the DATE parameter in /cgi-bin/logsids.cgi, and can be exploited by an...

8.8CVSS5.8AI score0.0046EPSS

CNNVD•added 2026/04/07 12:0 a.m.•2 views

Erlang/OTP 安全漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by the built-in APIs of node.js. There were security vulnerabilities in versions of Erlang/OTP prior to 28.4.2, 27.3.4.10, and 26.2.5.19. These vulnerabilities stemmed from improper...

9.8CVSS5.8AI score0.00036EPSS

CNVD•added 2026/04/07 12:0 a.m.•5 views

Endian Firewall REMARK Parameter Cross-Site Scripting Vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall REMARK parameter, which stems from improper handling of the REMARK parameter in /cgi-bin/openvpnclient.cgi, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00011EPSS

ATTACKERKB•added 2026/04/06 11:15 p.m.•2 views

CVE-2026-5692

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been made public and cou...

7.5CVSS6.7AI score0.01153EPSS

Exploits0References5Affected Software1

Cvelist•added 2026/04/06 11:0 p.m.•16 views

CVE-2026-5691 Totolink A7100RU cstecgi.cgi setFirewallType os command injection

A vulnerability has been found in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setFirewallType of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument firewallType leads to os command injection. The attack is possible to be carried out remotely. The exploit has been...

7.5CVSS0.04736EPSS

Cvelist•added 2026/04/06 10:45 p.m.•18 views

CVE-2026-5690 Totolink A7100RU cstecgi.cgi setRemoteCfg os command injection

A flaw has been found in Totolink A7100RU 7.4cu.2313b20191024. The impacted element is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been published...

7.5CVSS0.01153EPSS

ATTACKERKB•added 2026/04/06 10:30 p.m.•3 views

CVE-2026-5689

A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz results in os command injection. Remote exploitation of the attack is possible. The exploit is now...

7.5CVSS6.9AI score0.01153EPSS

Exploits0References5Affected Software1

Cvelist•added 2026/04/06 10:30 p.m.•17 views

CVE-2026-5689 Totolink A7100RU cstecgi.cgi setNtpCfg os command injection

7.5CVSS0.01153EPSS