CVE-2026-1263

The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'weblingadminsaveform' and 'weblingadminsavememberlist' functions...

WordPress Users manager - PN plugin <= 1.1.15 - Unauthenticated Privilege Escalation via Account Takeover via 'userspn_form_save' AJAX Action vulnerability

WordPress Users manager - PN plugin = 1.1.15 - Unauthenticated Privilege Escalation via Account Takeover via 'userspnformsave' AJAX Action vulnerability discovered by BaroHaf - fpt in WordPress Plugin Users manager – PN versions = 1.1.15...

WordPress plugin Fluent Forms Pro 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-68707

An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full compromise...

The vulnerability of the built-in boa server (/boafrm/formSaveConfig) of the TOTOLINK EX1200T router’s microprogramming software allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the built-in boa server /boafrm/formSaveConfig of the TOTOLINK EX1200T router’s microprogramming software is related to the issue of the operation going beyond the buffer in memory when processing the submit-url parameter. Exploiting this vulnerability allows a malicious acto...

CVE-2025-6129

A vulnerability classified as critical was found in TOTOLINK EX1200T 4.1.2cu.5232B20210713. This vulnerability affects unknown code of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can b...

TOTOLINK EX1200T 安全漏洞

The TOTOLINK EX1200T is a wireless router from TOTOLINK that offers convenient network connectivity and management features. A buffer overflow vulnerability exists in the TOTOLINK EX1200T version 4.1.2cu.5232B20210713. The vulnerability arises due to a flaw in the handling of the submit-url...

CVE-2025-5739

A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate...

TOTOLINK X15 安全漏洞

TOTOLINK X15 is a network wireless extender from China's Gion Electronics TOTOLINK. The TOTOLINK X15 suffers from a buffer overflow vulnerability, which originates from the failure of the file /boafrm/formSaveConfig parameter submit-url to correctly validate the length and size of the input data ...

The vulnerability of the HTTP POST Request Handler component of the /boafrm/formSaveConfig file in the microprogramming software for routers A702R, A3002R, and A3002RU allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the HTTP POST Request Handler component in the /boafrm/formSaveConfig file of the microprogramming software for routers A702R, A3002R, and A3002RU is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an...

CVE-2025-4827

A vulnerability, which was classified as critical, was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer...

The vulnerability of the automation_tree_rules_form_save() function in the Cacti network monitoring software allows a attacker to perform XSS attacks.

The vulnerability of the automationtreerulesformsave function in the Cacti network monitoring software automationtreerules.php is related to the lack of protective measures for the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks...

The vulnerability of the form_save() function in the Cacti network monitoring software allows a hacker to execute arbitrary SQL queries.

The vulnerability of the formsave function in the Cacti network monitoring software is related to the lack of validation for the consistency of XML objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

SUSE CVE-2024-31443

Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in formsave function in dataqueries.php is not thoroughly checked and is used to concatenate the HTML statement in growrightpanetree function from lib/html.php , finally resulting in...

SUSE CVE-2024-31458

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in formsave function in graphtemplateinputs.php is not thoroughly checked and is used to concatenate the SQL statement in drawnontemplatedfieldsgraphitem function from...

DEBIAN-CVE-2024-31443

Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in formsave function in dataqueries.php is not thoroughly checked and is used to concatenate the HTML statement in growrightpanetree function from lib/html.php , finally resulting in...

DEBIAN-CVE-2024-31444

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automationtreerulesformsave function in automationtreerules.php is not thoroughly checked and is used to concatenate the HTML statement in formconfirm function from...

UBUNTU-CVE-2024-31458

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in formsave function in graphtemplateinputs.php is not thoroughly checked and is used to concatenate the SQL statement in drawnontemplatedfieldsgraphitem function from...

UBUNTU-CVE-2024-31443

Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in formsave function in dataqueries.php is not thoroughly checked and is used to concatenate the HTML statement in growrightpanetree function from lib/html.php , finally resulting in...

PT-2024-5189 · Cacti +3 · Cacti +3

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.27 Description: Cacti provides an operational monitoring and fault management framework. The issue arises from the form save function in data queries.php, where some stored data is not thoroughly checked and is use...