CVE-2026-2527

A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

WAVLINK WL-NU516U1 安全漏洞

WAVLINK WL-NU516U1 is a wireless print server developed by WAVLINK Corporation. Versions of Wavlink WL-NU516U1 prior to 20251208 contained a security vulnerability. This vulnerability stemmed from incorrect handling of the parameter “delflag” in the file /cgi-bin/firewall.cgi, which could lead to...

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.0 security release

Red Hat JBoss Web Server 6.2 is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.0 security release

Red Hat JBoss Web Server 6.2.0 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Linux Enterprise 10, and Windows Server. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CV...

CVE-2026-2566

A security vulnerability has been detected in Wavlink WL-NU516U1 up to 130/260. This affects the function sub406194 of the file /cgi-bin/adm.cgi. Such manipulation of the argument firmwareurl leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed...

CVE-2019-25394

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKERON,...

CVE-2019-25382 Smoothwall Express 3.1 'time.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTPSERVER parameter. Attackers can send POST requests to the time.cgi endpoint with script payloads in the...

CVE-2019-25382

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability in the time.cgi endpoint, exploitable via POST requests to the NTP_SERVER parameter to execute arbitrary JavaScript in users’ browsers. CVSSv3.1 base score 6.1, scope changed, impact on confide...

CVE-2026-2566

A security vulnerability has been detected in Wavlink WL-NU516U1 up to 130/260. This affects the function sub406194 of the file /cgi-bin/adm.cgi. Such manipulation of the argument firmwareurl leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed...

CVE-2026-2565 Wavlink WL-NU516U1 adm.cgi sub_40785C stack-based overflow

A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument timezone causes stack-based buffer overflow. The attack can be initiated remotely. The attack is considered to have high...

EUVD-2026-6128

A flaw has been found in Tosei Self-service Washing Machine 4.02. Impacted is an unknown function of the file /cgi-bin/toseidatasend.php. Executing a manipulation of the argument adrtxt1 can lead to command injection. It is possible to launch the attack remotely. The exploit has been published an...

CVE-2026-2530 Wavlink WL-WN579A3 wireless.cgi AddMac command injection

A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to th...

CVE-2026-2527

A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

CVE-2026-2528

A vulnerability was identified in Wavlink WL-WN579A3 up to 20210219. Affected by this vulnerability is the function DeleteMaclist of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist leads to command injection. Remote exploitation of the attack is possible. The exploit i...

CVE-2026-2528

Summary: CVE-2026-2528 affects Wavlink WL-WN579A3 up to 20210219. The vulnerable component is the function Delete_Mac_list in /cgi-bin/wireless.cgi, where manipulating the delete_list argument enables command injection. Remote exploitation is possible and exploits are publicly available; vendor h...

CVE-2026-2527 Wavlink WL-WN579A3 login.cgi command injection

A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead to command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

PT-2026-8306

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN579A3 versions up to 20210219 Description A flaw exists in Wavlink WL-WN579A3 that allows for remote command injection. The issue is located in the AddMac function within the /cgi-bin/wireless.cgi file. Manipulation of the macAddr...

EFM iptime A6004MX 代码问题漏洞

EFM iptime A6004MX is a wireless router produced by the South Korean company EFM. The EFM iptime A6004MX version 14.18.2 has a code vulnerability. This vulnerability stems from an unlimited upload function in the commitvpnclifile Upload function located in the cgi/timepro.cgi file, which could le...

PT-2026-8301

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN579A3 versions up to 20210219 Description A command injection issue exists in the file /cgi-bin/login.cgi. Manipulating the key argument can allow for remote code execution. The vulnerability has been publicly disclosed. The vendo...

PT-2026-8298

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN579A3 versions up to 20210219 Description A command injection issue exists in Wavlink WL-WN579A3. The issue is located in the multi ssid function within the /cgi-bin/wireless.cgi file. Manipulating the SSID2G2 argument can lead to...