Lucene search
K

109 matches found

Vulnrichment
Vulnrichment
added 2026/04/23 12:0 a.m.4 views

CVE-2026-31167

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi...

6.1AI score0.00279EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/23 12:0 a.m.30 views

CVE-2026-31167

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi...

0.00279EPSS
Exploits1References1
CVE
CVE
added 2026/04/23 12:0 a.m.11 views

CVE-2026-31167

CVE-2026-31167 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The issue is arbitrary commands execution via the mode parameter to /cgi-bin/cstecgi.cgi. Reported CVSS 3.1 base score 6.5 (Network, low complexity, no privileges required, user interaction not required). The connected sourc...

6.5CVSS6.1AI score0.00279EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/06 6:45 p.m.23 views

CVE-2026-5678 Totolink A7100RU cstecgi.cgi setScheduleCfg os command injection

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument mode can lead to os command injection. The attack may be launched remotely. The exploit has been...

7.5CVSS0.0114EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter “mode” in the file...

7.5CVSS7.1AI score0.0114EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/07 1:32 p.m.3 views

CVE-2026-3662 Wavlink WL-NU516U1 adm.cgi usb_p910 command injection

A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usbp910 of the file /cgi-bin/adm.cgi. Such manipulation of the argument Prmode leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

5.8CVSS5.6AI score0.11166EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.7 views

WAVLINK WL-NU516U1 命令注入漏洞

WAVLINK WL-NU516U1 is a wireless print server developed by WAVLINK Corporation. The version 240425 of WAVLINK WL-NU516U1 has a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter Prmode in the file/cgi-bin/adm.cgi, which may lead to command injection...

7.2CVSS5.8AI score0.11166EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.12 views

PT-2026-23887

Name of the Vulnerable Software and Affected Versions Tenda FH451 version 1.0.0.9 Description A stack-based buffer overflow exists in the function sub 3C434 of the file /goform/AdvSetWan. Manipulation of the wanmode/PPPOEPassword argument can trigger this issue. The attack can be initiated remote...

9CVSS7.6AI score0.00563EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2026/01/09 11:35 a.m.5 views

CVE-2021-41461

Cross-site scripting XSS vulnerability in concrete/elements/collectionadd.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode parameter...

6.1CVSS5.9AI score0.00818EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.4 views

WordPress 3D FlipBook - Lite Edition plugin <= 1.16.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via style and mode Parameters vulnerability

WordPress 3D FlipBook - Lite Edition plugin = 1.16.15 - Authenticated Contributor+ Stored Cross-Site Scripting via style and mode Parameters vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery versions = 1.16.15...

6.4CVSS5.9AI score0.00205EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2025/10/28 12:0 a.m.145 views

📄 RiteCMS 3.1.0 Cross Site Scripting

RiteCMS version 3.1.0 suffers from a cross site scripting vulnerability. Exploit Title: RiteCMS 3.1.0 - Reflected XSS in Admin Panel Date: October 28, 2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/ritecms/ritecms Version: RiteCMS 3.1.0...

6.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/10/10 6:20 a.m.5 views

CVE-2025-7634

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on th...

9.8CVSS7.3AI score0.00751EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/09 5:23 a.m.9 views

CVE-2025-7634 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Unauthenticated Local File Inclusion

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on th...

9.8CVSS0.00751EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/09 5:23 a.m.5 views

EUVD-2025-33237

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on th...

9.8CVSS6.8AI score0.00751EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/09 5:23 a.m.3 views

CVE-2025-7634 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Unauthenticated Local File Inclusion

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on th...

9.8CVSS6.9AI score0.00751EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.7 views

PT-2025-41358

Name of the Vulnerable Software and Affected Versions WP Travel Engine – Tour Booking Plugin – Tour Operator Software versions prior to 6.6.8 Description The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is susceptible to a Local File Inclusion issue in...

9.8CVSS6.9AI score0.00751EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-5233

Malware in sbrugna...

6.1CVSS6.3AI score0.00848EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-0736

Malware in sbrugna...

10CVSS6.4AI score0.07666EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-5279

Malware in sbrugna...

5CVSS6.4AI score0.08272EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-3875

Malware in sbrugna...

7.8CVSS7.7AI score0.00177EPSS
Exploits0References3
Rows per page
Query Builder