17 matches found
CVE-2026-32936
A flaw was found in CoreDNS, a DNS server that chains plugins. A remote, unauthenticated attacker can exploit this vulnerability by repeatedly sending oversized DNS-over-HTTPS (DoH) GET requests. The GET path, unlike the POST path, lacks size validation before processing large dns= query parameter...
EUVD-2026-26941
A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The...
CVE-2026-7749 Totolink N300RH POST Request cstecgi.cgi setWanConfig buffer overflow
A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The...
CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification
Summary: CoreDNS's DNS-over-HTTPS (DoH) GET path accepts oversized dns= query values and performs substantial request parsing, query unescaping, base64 decoding, and message unpacking work before returning 400 Bad Request. A remote, unauthenticated attacker can repeatedly send oversized DoH GET...
CVE-2019-25428 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via openvpn_users
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn_users endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets,...
CVE-2025-11328
A vulnerability was detected in Tenda AC18 15.03.05.196318. This issue affects some unknown processing of the file /goform/SetDDNSCfg. The manipulation of the argument ddnsEn results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be...
EUVD-2021-27587
Malicious code in bioql PyPI...
CVE-2024-55064
Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC NetScope <= 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the (1) smtpserver, (2) smtpaccount, (3) smtppassword, or (4) emailrecipients parameter to /smtp/update; the (5) ntp or (6) dns parameter to...
TOTOlink A3002R Security Vulnerability
TOTOLINK A3002R is a wireless router from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOlink A3002R version V1.1.1-B20200824.0128, which originates from improper validation of the pppoedns1 parameter input, resulting in a buffer overflow...
CVE-2025-25635
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoedns1 parameter in the formIpv6Setup interface of /bin/boa...
Westermo Lynx 206-F2G Improper Neutralization of Input During Web Page Generation (CVE-2023-45227)
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the 'dns.0.server' parameter. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
CVE-2023-45227 Westermo Lynx Cross-site Scripting
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter...
PT-2023-31729 · Totolink · Totolink Ex1800T
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1800T version 9.1.0cu.2112 B20220316 Description: The issue allows for unauthorized arbitrary command execution in the lanSecDns parameter of the setLanConfig interface of the cstecgi.cgi. Recommendations: For TOTOLINK EX1800T...
TOTOLINK EX1800T Security Vulnerability
TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK, which supports Wi-Fi 6 technology and enhances signal coverage by connecting wirelessly to a router, making it suitable for home and small office environments. A command execution vulnerability exists in the TOTOLINK EX1800T, which...
D-Link DI-7003G Buffer Error Vulnerability
The D-Link DI-7003G is a wireless router from China-based D-Link. The D-Link DI-7003G suffers from a buffer error vulnerability that can be exploited to execute arbitrary code via the wild/mx parameter of the ddns.asp function...
Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork's saveNetworkConfiguration method. A...
Trend Micro InterScan Web Security Virtual Appliance ManageIPConfig setDataIPConfig DNS Information Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ManageIPConfig's setDataIPConfig method. A crafted DN...