109 matches found
CVE-2026-31167
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31167
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31167
CVE-2026-31167 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The issue is arbitrary commands execution via the mode parameter to /cgi-bin/cstecgi.cgi. Reported CVSS 3.1 base score 6.5 (Network, low complexity, no privileges required, user interaction not required). The connected sourc...
CVE-2026-5678 Totolink A7100RU cstecgi.cgi setScheduleCfg os command injection
A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument mode can lead to os command injection. The attack may be launched remotely. The exploit has been...
TOTOLINK A7100RU 操作系统命令注入漏洞
The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter “mode” in the file...
CVE-2026-3662 Wavlink WL-NU516U1 adm.cgi usb_p910 command injection
A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usbp910 of the file /cgi-bin/adm.cgi. Such manipulation of the argument Prmode leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...
WAVLINK WL-NU516U1 命令注入漏洞
WAVLINK WL-NU516U1 is a wireless print server developed by WAVLINK Corporation. The version 240425 of WAVLINK WL-NU516U1 has a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter Prmode in the file/cgi-bin/adm.cgi, which may lead to command injection...
PT-2026-23887
Name of the Vulnerable Software and Affected Versions Tenda FH451 version 1.0.0.9 Description A stack-based buffer overflow exists in the function sub 3C434 of the file /goform/AdvSetWan. Manipulation of the wanmode/PPPOEPassword argument can trigger this issue. The attack can be initiated remote...
CVE-2021-41461
Cross-site scripting XSS vulnerability in concrete/elements/collectionadd.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode parameter...
WordPress 3D FlipBook - Lite Edition plugin <= 1.16.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via style and mode Parameters vulnerability
WordPress 3D FlipBook - Lite Edition plugin = 1.16.15 - Authenticated Contributor+ Stored Cross-Site Scripting via style and mode Parameters vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery versions = 1.16.15...
📄 RiteCMS 3.1.0 Cross Site Scripting
RiteCMS version 3.1.0 suffers from a cross site scripting vulnerability. Exploit Title: RiteCMS 3.1.0 - Reflected XSS in Admin Panel Date: October 28, 2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/ritecms/ritecms Version: RiteCMS 3.1.0...
CVE-2025-7634
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on th...
CVE-2025-7634 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Unauthenticated Local File Inclusion
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on th...
EUVD-2025-33237
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on th...
CVE-2025-7634 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Unauthenticated Local File Inclusion
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on th...
PT-2025-41358
Name of the Vulnerable Software and Affected Versions WP Travel Engine – Tour Booking Plugin – Tour Operator Software versions prior to 6.6.8 Description The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is susceptible to a Local File Inclusion issue in...
EUVD-2019-5233
Malware in sbrugna...
EUVD-2005-0736
Malware in sbrugna...
EUVD-2007-5279
Malware in sbrugna...
EUVD-2018-3875
Malware in sbrugna...