34 matches found
CVE-2026-5995
A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument laninfo can lead to os command injection. The attack may be performed from...
CVE-2026-5995 Totolink A7100RU CGI cstecgi.cgi setMiniuiHomeInfoShow os command injection
A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument laninfo can lead to os command injection. The attack may be performed from...
CVE-2026-5995
The CVE affects Totolink A7100RU (firmware 7.4cu.2313_b20191024). The vulnerable component is /cgi-bin/cstecgi.cgi, function setMiniuiHomeInfoShow, where manipulating the lan_info argument enables OS command injection. Impact is described as high for confidentiality, integrity, and availability, ...
CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-3758
A weakness has been identified in projectworlds Online Art Gallery Shop 1.0. Affected by this issue is some unknown functionality of the file /admin/adminHome.php. This manipulation of the argument Info causes sql injection. Remote exploitation of the attack is possible. The exploit has been made...
CVE-2026-3758 projectworlds Online Art Gallery Shop adminHome.php sql injection
A weakness has been identified in projectworlds Online Art Gallery Shop 1.0. Affected by this issue is some unknown functionality of the file /admin/adminHome.php. This manipulation of the argument Info causes sql injection. Remote exploitation of the attack is possible. The exploit has been made...
Projectworlds Online Art Gallery Shop SQL Injection Vulnerability
Projectworlds Online Art Gallery Shop is an open-source online art gallery store from Projectworlds. Version 1.0 of the Projectworlds Online Art Gallery Shop has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “Info” in the file “admin/adminHome.php...
PT-2026-23969
Name of the Vulnerable Software and Affected Versions ProjectWorlds Online Art Gallery Shop version 1.0 Description A SQL injection issue exists in the software due to manipulation of the Info argument within the file '/admin/adminHome.php'. Remote exploitation is possible. The exploit has been...
CVE-2025-14467
The WP Job Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.4. This is due to the plugin explicitly whitelisting the...
EUVD-2025-200005
Eximbills Enterprise 4.1.5 Built on 2020-10-30 is vulnerable to authenticated stored cross-site scripting CWE-79 via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPLINFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript...
CVE-2025-64030
Eximbills Enterprise 4.1.5 Built on 2020-10-30 is vulnerable to authenticated stored cross-site scripting CWE-79 via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPLINFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript...
EUVD-2019-7815
Malware in sbrugna...
native-php-cms Security Vulnerability
native-php-cms is a website builder system for FLi individual developers. A security vulnerability exists in version 1.0 of native-php-cms, which stems from the parameter info in the file /fladmin/sysconfigdoedit.php that can lead to cross-site scripting attacks...
Genexis Tilgin Home Gateway Cross-Site Scripting Vulnerability
Genexis Tilgin Home Gateway is a series of home gateways from Genexis, a South Korean company. A cross-site scripting vulnerability exists in the Genexis Tilgin Fiber Home Gateway HG1522 CSx000-01090112 version, which stems from the fact that manipulation of the parameter productinfo can lead to...
Arris VAP2500 Command Injection Vulnerability
The Arris VAP2500 is a wireless video access point device from Arris USA. A command injection vulnerability exists in the Arris VAP2500 version 08.50, which stems from the fact that manipulation of the parameter customerinfo in the file /diags.php can result in command injection...
CVE-2024-31013
Cross-Site Scripting (XSS) vulnerability in emlog version Pro 2.3 allows remote attackers to execute arbitrary code via a crafted payload to the bottom of the homepage in the footerinfo parameter...
DeShang DSShop Security Vulnerability
DeShang DSShop is a single-store mobile mall online store system from DeShang. A security vulnerability exists in DeShang DSShop before version 2.1.5, which originates from a path traversal caused by the operation of the parameter memberinfo in the file application/home/controller/MemberAuth.php...
CVE-2023-39827
Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the ruleinfo parameter in the formAddMacfilterRule function...