CVE-2026-9481 Edimax EW-7438RPn formStats stack-based overflow

A flaw has been found in Edimax EW-7438RPn 1.31. This affects the function formStats of the file /goform/formStats. This manipulation of the argument submit-url causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was...

CVE-2026-9480 Edimax EW-7438RPn formrefresh stack-based overflow

A vulnerability was detected in Edimax EW-7438RPn 1.31. The impacted element is the function formrefresh of the file /goform/formrefresh. The manipulation of the argument submit-url results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and...

EUVD-2026-31703

A vulnerability was detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file /student.php. Performing a manipulation of the argument FIRSTNAME results in cross site scripting. The attack can be initiated remotely...

EUVD-2026-31701

A weakness has been identified in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. The impacted element is an unknown function of the file /success.php. This manipulation of the argument User causes sql injection. It is possible to initiate the attack remotely. T...

EUVD-2018-21893

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious HTML forms targeting rolesfunction.php with parameters like rolassignroles, rolapproveusers, and...

CVE-2018-25370

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious HTML forms targeting rolesfunction.php with parameters like rolassignroles, rolapproveusers, and...

CVE-2018-25370

CVE-2018-25370 affects Admidio 3.3.5. A cross-site request forgery vulnerability allows low-privilege users to increase permissions by exploiting improper origin checking in roles_function.php. Attacks can craft malicious HTML forms targeting parameters such as rol_assign_roles, rol_approve_users...

CVE-2018-25370 Admidio 3.3.5 Cross-Site Request Forgery via roles_function.php

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious HTML forms targeting rolesfunction.php with parameters like rolassignroles, rolapproveusers, and...

CVE-2026-47069 CRLF injection in cookie domain/path options in hackney

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...

CVE-2026-9463

A flaw has been found in Edimax EW-7438RPn 1.31. Affected by this issue is the function formLicence of the file /goform/formLicence. This manipulation of the argument submit-url causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be use...

CVE-2026-9463

Edimax EW-7438RPn (firmware 1.31) is affected by a stack-based overflow in the formLicence function (/goform/formLicence). The input submission is manipulated to trigger overflow, enabling a remote attack. Exploit code has been published. Vendor contact did not yield a response. The provided mate...

CVE-2026-9460

A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made...

EUVD-2026-31673

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote exploitation of the...

CVE-2026-9277

A flaw was found in the shell-quote component. The quote function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpre...

MAL-2026-4511 Malicious code in chai-as-patch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0f6b316992ec48b2d29d234f9debebcf239653a2371d54ab9f6e487c4fdba7b This package is a typosquat of chai-as-promised that delivers remote code execution to any installer that requires it and invokes the exported...

CVE-2026-9440 Edimax BR-6478AC POST Request formAccept command injection

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack...

CVE-2026-9439

Edimax BR-6675nD (version 1.12) is affected through the stainfo function in /goform/stainfo, enabling remote command injection due to interface argument handling. Public exploit exists; vendor did not respond to disclosure. No remediation details are provided in the available documents.

CVE-2026-9439

A vulnerability was determined in Edimax BR-6675nD 1.12. Affected is the function stainfo of the file /goform/stainfo. This manipulation of the argument interface causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized...

CVE-2026-9439 Edimax BR-6675nD stainfo command injection

A vulnerability was determined in Edimax BR-6675nD 1.12. Affected is the function stainfo of the file /goform/stainfo. This manipulation of the argument interface causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized...

CVE-2026-9438

A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from...