CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

423 matches found

CVE-2026-36606

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

7.1CVSS0.00011EPSS

Exploits0References1

Vulnrichment•added 2 days ago•6 views

CVE-2026-36610

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...

5.8AI score0.00019EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•3 views

CVE-2026-36606

7.1CVSS5.8AI score0.00011EPSS

Exploits0References2

Vulnrichment•added 2 days ago•5 views

CVE-2026-36606

5.8AI score0.00011EPSS

Exploits0References1

Github Security Blog•added last week•16 views

Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host

Summary An authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhookurl, HTTP method, request body, and headers. When DDNS is triggered for a server that uses that profile, the dashboard process sends the configured request wit...

6AI score

Exploits0References2Affected Software1

OSV•added last week•3 views

GHSA-6X26-5727-RRM9 Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host

6.4CVSS6AI score

Exploits0References2

NVD•added 2026/05/27 2:16 p.m.•10 views

CVE-2026-36539

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skkget.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

7.3CVSS0.00052EPSS

Exploits0References1

Positive Technologies•added 2026/05/27 12:0 a.m.•6 views

PT-2026-43706

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk get.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

5.8AI score0.00052EPSS

Exploits0References2

CVE•added 2026/05/27 12:0 a.m.•7 views

CVE-2026-36539

The affected product is Netis AC1200 Router NC21 (firmware version referenced: V4.0.1.4296). The issue is an unauthenticated CGI endpoint at /cgi-bin/skk_get.cgi that returns the entire router configuration as JSON, exposing administrator credentials, Wi‑Fi and PPPoE credentials, DDNS credentials...

7.3CVSS5.8AI score0.00052EPSS

Exploits0References1

ATTACKERKB•added 2026/05/24 11:0 p.m.•8 views

CVE-2026-9404

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. Th...

10CVSS5.7AI score0.01254EPSS

Exploits0References5Affected Software1

OSV•added 2026/05/20 5:58 p.m.•3 views

MAL-2026-4433 Malicious code in @self-evolving-harness/kivo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce31b5c287727dabb5479a114843b06b80bbd75db10d74014a00db80b9b321bd The package's LLM pipeline Kivo.ingest → value-gate → OpenAILLMProvider resolves its endpoint via resolveLlmConfig in...

5.8AI score

Exploits0References1

Nuclei•added 2026/05/12 8:3 a.m.•117 views

D-Link - Remote Command Execution

A Remote Command Execution RCE vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file id: CVE-2021-45382 info: name: D-Link - Remote Command Execution author: king-alexander severity: critic...

10CVSS7.5AI score0.94352EPSS

Exploits1References5

NVD•added 2026/05/08 5:16 a.m.•8 views

CVE-2026-8137

A vulnerability has been found in Totolink X5000R 9.1.0u.6369B20230113. This vulnerability affects the function sub458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

9CVSS0.00086EPSS

Exploits0References5

ATTACKERKB•added 2026/05/08 4:0 a.m.•3 views

CVE-2026-8137

9CVSS7.5AI score0.00086EPSS

Exploits0References5Affected Software1

Positive Technologies•added 2026/05/08 12:0 a.m.•7 views

PT-2026-38664

Name of the Vulnerable Software and Affected Versions Totolink X5000R version 9.1.0u.6369 B20230113 Description A buffer overflow occurs in the sub 458E40 function within the '/boafrm/formDdns' file. This issue is triggered by the manipulation of the submit-url argument, allowing for remote...

9CVSS7.4AI score0.00086EPSS

Exploits0References8

NVD•added 2026/05/04 1:16 a.m.•5 views

CVE-2026-42364

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability...

9.9CVSS0.00146EPSS

Exploits0References2

Cvelist•added 2026/05/04 12:41 a.m.•30 views

CVE-2026-42364 GeoVision LPC2011/LPC2211 Web Interface / DdnsSetting.cgi OS command injection vulnerability

9.9CVSS0.00146EPSS

Exploits0References2

NVD•added 2026/05/03 11:16 a.m.•3 views

CVE-2026-7692

A vulnerability was detected in Wavlink WL-WN570HA1 R70HA1 V1410221110. The affected element is the function pingddns of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument DDNS results in command injection. The attack can be initiated remotely. The exploit is now public and may ...

6.5CVSS0.02115EPSS

Exploits1References4