Moderate: freeipmi security update

The freeipmi packages contain an Intelligent Platform Management Interface IPMI remote console and system management software based on the IPMI specification. Security Fixes: freeipmi: buffer overflows on response messages via ipmi-oem CVE-2026-33554 For more details about the security issues,...

PT-2026-43262

A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been...

CODESYS多款产品 安全漏洞

CODESYS and others are products of the German CODESYS company. CODESYS is an industrial control automation software. CODESYS HMI is a visualization software. CODESYS Control RTE is a high-performance programmable controller. Several CODESYS products have security vulnerabilities; these...

PT-2026-43254

OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs parameter to the...

smallbitvec 输入验证错误漏洞

smallbitvec is a small bit vector implemented as an inline or heap storage mechanism by Servo Open Source. In versions 1.0.1 to 2.6.0 of smallbitvec, there was a vulnerability related to input validation errors. This vulnerability stemmed from integer overflows in internal capacity calculations,...

PT-2026-43381

SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...

PT-2026-43296

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper validation of the search parameter in the "com media files" API endpoint allows for path traversal, a condition where an attacker can access files and...

TOTOLINK N300RH 安全漏洞

TOTOLINK N300RH is a long-range wireless router produced by TOTOLINK Corporation. Version 6.1c.1353B20190305 of TOTOLINK N300RH contains a security vulnerability. This vulnerability stems from improper handling of parameters in the setPasswordCfg function of the file/cgi-bin/cstecgi.cgi within th...

PT-2026-43398

Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 2.8.1 Description Broken access control exists in the OSS file service URL fetch API endpoint "chat/api/oss/get url". The system uses the application id variable from the URL path without validating ownership, which...

PT-2026-43248

A vulnerability has been found in Totolink N300RH 6.1c.1353 B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely...

CVE-2026-9497

A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this...

EUVD-2026-31730

A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this...

CVE-2026-9478

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack may be performe...

CVE-2026-9477

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. The attack is...

Exploit for CVE-2012-1803

CVE-2012-1803 Critical vulnerability in Siemens Rugge...

EUVD-2026-31712

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack may be performe...

CVE-2026-9478

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack may be performe...

CVE-2026-9478 Totolink A8000RU Web Management cstecgi.cgi setParentalRules os command injection

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack may be performe...

CVE-2026-9475

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument Comment causes os command injection. Remote exploitation of the attack is...

CVE-2026-9476

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be...