CVE-2026-2565 Wavlink WL-NU516U1 adm.cgi sub_40785C stack-based overflow

A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument timezone causes stack-based buffer overflow. The attack can be initiated remotely. The attack is considered to have high...

EUVD-2026-6128

A flaw has been found in Tosei Self-service Washing Machine 4.02. Impacted is an unknown function of the file /cgi-bin/toseidatasend.php. Executing a manipulation of the argument adrtxt1 can lead to command injection. It is possible to launch the attack remotely. The exploit has been published an...

CVE-2026-2530 Wavlink WL-WN579A3 wireless.cgi AddMac command injection

A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to th...

CVE-2026-2527

A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

CVE-2026-2528

A vulnerability was identified in Wavlink WL-WN579A3 up to 20210219. Affected by this vulnerability is the function DeleteMaclist of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist leads to command injection. Remote exploitation of the attack is possible. The exploit i...

CVE-2026-2528

Summary: CVE-2026-2528 affects Wavlink WL-WN579A3 up to 20210219. The vulnerable component is the function Delete_Mac_list in /cgi-bin/wireless.cgi, where manipulating the delete_list argument enables command injection. Remote exploitation is possible and exploits are publicly available; vendor h...

CVE-2026-2527 Wavlink WL-WN579A3 login.cgi command injection

A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

Smoothwall Express 跨站脚本漏洞

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express has a cross-site scripting vulnerability , the vulnerability stems from the smoothinfo.cgi endpoint WRAP or SECTIONTITLE parameter on the user-supplied data lack of effective filtering an...

PT-2026-8301

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN579A3 versions up to 20210219 Description A command injection issue exists in the file /cgi-bin/login.cgi. Manipulating the key argument can allow for remote code execution. The vulnerability has been publicly disclosed. The vendo...

PT-2026-8374

Smoothwall Express 3.1-SP4-polar-x86 64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi endpoint with script payloads in the IP...

PT-2026-8306

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN579A3 versions up to 20210219 Description A flaw exists in Wavlink WL-WN579A3 that allows for remote command injection. The issue is located in the AddMac function within the /cgi-bin/wireless.cgi file. Manipulation of the macAddr...

PT-2026-8298

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN579A3 versions up to 20210219 Description A command injection issue exists in Wavlink WL-WN579A3. The issue is located in the multi ssid function within the /cgi-bin/wireless.cgi file. Manipulating the SSID2G2 argument can lead to...

WAVLINK WL-WN579A3 命令注入漏洞

The WAVLINK WL-WN579A3 is a high-performance dual-band wireless network card developed by WAVLINK Corporation. The Wavlink WL-WN579A3 versions prior to 20210219 have a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter SSID2G2 in the function...

EFM iptime A6004MX 代码问题漏洞

EFM iptime A6004MX is a wireless router produced by the South Korean company EFM. The EFM iptime A6004MX version 14.18.2 has a code vulnerability. This vulnerability stems from an unlimited upload function in the commitvpnclifile Upload function located in the cgi/timepro.cgi file, which could le...

CVE-2019-25324 RICOH Web Image Monitor 1.09 - HTML Injection

RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content, potentially enabling...

CVE-2026-24895 FrankenPHP affected by Path Confusion via Unicode casing in CGI path splitting allows execution of arbitrary files

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path but applies that byte index to the...

CVE-2026-24895

FrankenPHP CGI path splitting bug before 1.11.2 uses lowercased path for split index and applies it to the original path, causing SCRIPT_NAME/SCRIPT_FILENAME to point to the wrong file and potentially execute an unintended file. Root cause: Go strings.ToLower can increase byte length for certain ...

CVE-2026-24895 FrankenPHP affected by Path Confusion via Unicode casing in CGI path splitting allows execution of arbitrary files

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path but applies that byte index to the...

GHSA-G966-83W7-6W38 FrankenPHP's unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FrankenPHP

Summary FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path but applies that byte index to the original path. Because strings.ToLower in Go can increase the...

FrankenPHP 安全漏洞

FrankenPHP is an open-source PHP application server developed by phpnet. Versions of FrankenPHP prior to 1.11.2 contained security vulnerabilities. These vulnerabilities stemmed from improper case conversion during CGI path segmentation when handling Unicode characters, which could lead to the...