
29 matches found

RedhatCVE
added 2026/06/05 7:22 p.m., 8 views

CVE-2026-7124

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument addrPrefixLen can lead to os command injection. The attack ca...

CVSS 10 | AI score 7.5 | EPSS 0.01766
Exploits: 0 | References: 1

EUVD
added 2026/05/11 9:31 p.m., 9 views

EUVD-2026-29203

EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functionality. Due to insufficient input validation, the attacker is able to execute arbitrary system commands on the device...

AI score 6.1 | EPSS 0.01018
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-30239

Malware in sbrugna...

CVSS 5.4 | AI score 5.6 | EPSS 0.0048
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-9498

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.6 | EPSS 0.00344
Exploits: 0 | References: 2

RedhatCVE
added 2025/08/31 2:20 a.m., 5 views

CVE-2025-9603

A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. The affected element is an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg. Executing manipulation of the argument Hostname can lead to command injection. The attack may be performed from a remote location. The...

CVSS 9.8 | AI score 6.8 | EPSS 0.07575
Exploits: 1 | References: 1

CNNVD
added 2025/05/01 12:0 a.m., 4 views

Tenda RX2 Pro security vulnerability

Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from an input validation error vulnerability that stems from a lack of input validation in the setLanCfg API endpoint, which can be exploited by an attacker to gain root shell access...

CVSS 8.8 | AI score 7.2 | EPSS 0.0083
Exploits: 0 | References: 2

RedhatCVE
added 2025/04/03 12:24 a.m., 17 views

CVE-2025-26054

Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting XSS via the "Description" field during LAN configuration...

CVSS 5.4 | AI score 6.3 | EPSS 0.00344
Exploits: 0 | References: 1

NVD
added 2025/04/01 7:15 p.m., 9 views

CVE-2025-26054

Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting XSS via the "Description" field during LAN configuration...

CVSS 5.4 | EPSS 0.00344
Exploits: 0 | References: 1

Cvelist
added 2025/04/01 12:0 a.m., 12 views

CVE-2025-26054

Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting XSS via the "Description" field during LAN configuration...

EPSS 0.00344
Exploits: 0 | References: 1

CVE
added 2025/04/01 12:0 a.m., 50 views

CVE-2025-26054

CVE-2025-26054 affects Infinxt iEdge 100 (version 2.1.32). The vulnerability is a Cross Site Scripting (XSS) flaw exploitable via the Description field during LAN configuration, caused by unsanitized user-controlled input in that field. CVSS v3.1 base score 5.4 (Medium) with Network attack vector...

CVSS 5.4 | AI score 6.2 | EPSS 0.00344
Exploits: 0 | References: 1

Vulnrichment
added 2025/04/01 12:0 a.m., 5 views

CVE-2025-26054

Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting XSS via the "Description" field during LAN configuration...

AI score 6.2 | EPSS 0.00344
Exploits: 0 | References: 1

CNNVD
added 2025/04/01 12:0 a.m., 2 views

Infinxt iEdge 100 cross-site scripting vulnerability

Infinxt iEdge 100 is a next-generation secure SD-WAN appliance for small and medium-sized branch offices from Infinxt. A cross-site scripting vulnerability exists in Infinxt iEdge 100 version 2.1.32, which originates from cross-site scripting in the description field in the LAN configuration...

CVSS 5.4 | AI score 6 | EPSS 0.00344
Exploits: 0 | References: 3

NVD
added 2022/12/14 1:15 a.m., 18 views

CVE-2020-9419

Multiple stored cross-site scripting XSS vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domainname parameters present in the LAN configuration section of the administrative dashboard...

CVSS 5.4 | EPSS 0.0048
Exploits: 0 | References: 1

Prion
added 2022/12/14 1:15 a.m., 25 views

Cross site scripting

Multiple stored cross-site scripting XSS vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domainname parameters present in the LAN configuration section of the administrative dashboard...

CVSS 4.9 | AI score 5.4 | EPSS 0.0048
Exploits: 0 | References: 1

Vulnrichment
added 2022/12/14 12:0 a.m., 6 views

CVE-2020-9419

Multiple stored cross-site scripting XSS vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domainname parameters present in the LAN configuration section of the administrative dashboard...

AI score 5.9 | EPSS 0.0048
Exploits: 0 | References: 1

CVE
added 2022/12/14 12:0 a.m., 40 views

CVE-2020-9419

CVE-2020-9419 affects Arcadyan Wifi routers VRV9506JAC23. The stored XSS flaws occur in the LAN configuration section of the administrative dashboard, exploitable via hostName and domain_name parameters in the LAN config. Impact: remote XSS with payloads injected into admin UI; exploitation requi...

CVSS 5.4 | AI score 5.3 | EPSS 0.0048
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2022/08/18 12:0 a.m., 463 views

CVE-2022-37061

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...

CVSS 9.8 | AI score 8.8 | EPSS 0.99618
In wild | Exploits: 15 | References: 8

NCSC
added 2021/04/13 12:0 a.m., 3 views

Vulnerabilities fixed in Microsoft Windows

Vulnerabilities have been fixed in Windows. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution; User rights; Impersonating another user; Access to sensitive...

CVSS 9.8 | AI score 7.5 | EPSS 0.61648
Exploits: 4

Fedora
added 2020/02/16 1:30 a.m., 32 views

[SECURITY] Fedora 31 Update: ipmitool-1.8.18-19.fc31

This package contains a utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. This utility can communicate with IPMI-enabled devices through either a kernel...

CVSS 8.8 | AI score 0.6 | EPSS 0.0329
Exploits: 1

0day.today
added 2015/07/17 12:0 a.m., 51 views

4 TOTOLINK Router Models - CSRF and XSS Vulnerabilities

4 TOTOLINK router models suffer from cross site request forgery and cross site scripting vulnerabilities. Advisory Information Title: 4 TOTOLINK router models vulnerable to CSRF and XSS attacks Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x01.txt Blog URL:...

AI score 6.9
Exploits: 0