Lucene search
K

1436 matches found

Cvelist
Cvelist
added 2026/04/30 8:8 p.m.31 views

CVE-2026-33451 Arbitrary read/write vulnerability in Windows clients prior to 14.50

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system...

8.5CVSS0.00104EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/29 8:48 p.m.9 views

CVE-2026-7241

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried...

10CVSS8.2AI score0.02448EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.4 views

Juniper Junos OS Vulnerability (JSA96464)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA96464 advisory. - An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface UI of Juniper Networks Junos OS and Junos OS Evolved allows a local,...

6.8CVSS5.9AI score0.00154EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/28 7:15 a.m.29 views

CVE-2026-7240 Totolink A8000RU CGI cstecgi.cgi setVpnAccountCfg os command injection

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument User leads to os command injection. The attack can be executed remotely...

10CVSS0.02426EPSS
Exploits0References5
CVE
CVE
added 2026/04/28 7:15 a.m.17 views

CVE-2026-7240

CVE-2026-7240 affects Totolink A8000RU 7.1cu.643_b20200521. The vulnerability resides in CGI Handler’s /cgi-bin/cstecgi.cgi function setVpnAccountCfg, where manipulation of the User argument enables OS command injection. This can be exploited remotely with no authentication (attack vector: NETWOR...

10CVSS8.1AI score0.02426EPSS
Exploits0References5
NVD
NVD
added 2026/04/27 4:16 p.m.5 views

CVE-2026-7136

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wanIdx can lead to os command injection. The attack may be launched...

10CVSS0.01766EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/27 12:15 p.m.4 views

CVE-2026-7123 Totolink A8000RU CGI cstecgi.cgi setIptvCfg os command injection

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument setIptvCfg results in os command injection. The attack can be initiated remotely. The...

10CVSS8.2AI score0.01766EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.10 views

TOTOLINK A8000RU 命令注入漏洞

The TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A8000RU 7.1cu.643b20200521 version has a command injection vulnerability. This vulnerability stems from improper handling of the pptpPassThru parameter in the setVpnPassCfg function of the...

10CVSS7.3AI score0.01785EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.7 views

PT-2026-34811

Name of the Vulnerable Software and Affected Versions SenseLive X3050 affected versions not specified Description The web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcemen...

8.1CVSS5.2AI score0.00324EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.7 views

PT-2026-34670

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi...

6.5CVSS6.1AI score0.00279EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/23 12:0 a.m.30 views

CVE-2026-31167

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi...

0.00279EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/20 10:15 a.m.4 views

CVE-2026-6629 Metasoft 美特软件 MetaCRM Interface sql.jsp Statement.executeUpdate sql injection

A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection. The attack can be launched remotely. The exploit has...

7.5CVSS5.5AI score0.00259EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.7 views

PT-2026-33762

Name of the Vulnerable Software and Affected Versions Progress ADC Products affected versions not specified Description An OS command injection flaw allows an authenticated attacker with "All" permissions to execute arbitrary commands on the LoadMaster appliance. This occurs due to unsanitized...

8.4CVSS6.2AI score0.0252EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/15 11:45 p.m.4 views

CVE-2026-5363

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...

6CVSS5.8AI score0.00091EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/15 6:31 p.m.5 views

EUVD-2026-22958

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting XSS attack or a reflected XSS attack against a user of the web-based...

4.8CVSS5.8AI score0.00173EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/15 4:3 p.m.19 views

CVE-2026-20132 Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting XSS attack or a reflected XSS attack against a user of the web-based...

4.8CVSS0.00173EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.13 views

PT-2026-33082

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerabili...

4.7CVSS5.8AI score0.00202EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/14 7:22 p.m.6 views

CVE-2026-6131

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument command results in os command injection. The attack may be launched...

10CVSS6.9AI score0.01823EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.5 views

PT-2026-32579

Name of the Vulnerable Software and Affected Versions Prometheus versions 3.0 through 3.5.1 Prometheus versions 3.6.0 through 3.11.1 Description Stored cross-site scripting exists in multiple components of the Prometheus web UI, specifically within the Mantine UI and the old React UI. The issue...

6.1CVSS5.9AI score0.0024EPSS
Exploits0References232
EUVD
EUVD
added 2026/04/09 9:31 p.m.3 views

EUVD-2026-21184

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wifiOff can lead to os command injection. It is possible to launch the attack...

10CVSS7AI score0.02114EPSS
Exploits0References6
Rows per page
Query Builder