301994 matches found
CVE-2026-13538
A vulnerability was determined in Wavlink WL-NU516U1-A M16U1V240425. The affected element is the function sub401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote...
CVE-2026-13536
A vulnerability has been found in GotoHTTP up to 10.2. This issue affects some unknown processing of the file /reg.12x. The manipulation of the argument sn leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor...
CVE-2026-13539 Wavlink WL-NU516U1-A POST Parameter wireless.cgi sub_407504 stack-based overflow
A vulnerability was identified in Wavlink WL-NU516U1-A M16U1V240425. The impacted element is the function sub407504 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. Such manipulation of the argument Guestssid leads to stack-based buffer overflow. The attack can be execut...
CVE-2026-13539 Wavlink WL-NU516U1-A POST Parameter wireless.cgi sub_407504 stack-based overflow
A vulnerability was identified in Wavlink WL-NU516U1-A M16U1V240425. The impacted element is the function sub407504 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. Such manipulation of the argument Guestssid leads to stack-based buffer overflow. The attack can be execut...
CVE-2026-13538
The CVE concerns Wavlink WL-NU516U1-A (M16U1_V240425) with a vulnerability in /cgi-bin/wireless.cgi, function sub_401D68, within the POST Parameter Handler. Manipulating arguments SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 leads to command injection. Remote exploitation is possible, and an exploit has ...
CVE-2026-13538
A vulnerability was determined in Wavlink WL-NU516U1-A M16U1V240425. The affected element is the function sub401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote...
CVE-2026-13538 Wavlink WL-NU516U1-A POST Parameter wireless.cgi sub_401D68 command injection
A vulnerability was determined in Wavlink WL-NU516U1-A M16U1V240425. The affected element is the function sub401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote...
CVE-2026-13536
CVE-2026-13536 affects GotoHTTP (up to 10.2). The issue is described as a cross-site scripting vulnerability in the handling of the /reg.12x file, caused by manipulation of the argument sn. Reported to be remotely initiable and publicly disclosed. The vendor states it removed an unnecessary URL p...
CVE-2026-13536
A vulnerability has been found in GotoHTTP up to 10.2. This issue affects some unknown processing of the file /reg.12x. The manipulation of the argument sn leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor...
CVE-2026-13536 GotoHTTP reg.12x cross site scripting
A vulnerability has been found in GotoHTTP up to 10.2. This issue affects some unknown processing of the file /reg.12x. The manipulation of the argument sn leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana within Instana Agent container image build 1.0.320 Vulnerability Details CVEID:CVE-2026-42009 DESCRIPTION: A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Securit...
CVE-2026-49048
The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...
CVE-2026-49048
The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...
CVE-2026-49048 Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1
The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...
CVE-2026-49048
The CVE concerns the Joomla extension JoomCCK. A front-end controller task builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation, leading to SQL injection. Affected product/component: JoomCCK for Joomla; vu...
EUVD-2026-40003
The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2026.
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation released in June 2026. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM...
Exploit for CVE-2026-49048
CVE-2026-49048 — JoomCCK 6.4.0 Unauthenticated SQL Injection...
MISP < 2.5.37 - SQL Injection
MISP before 2.5.37 is vulnerable to SQL injection via the order parameter in EventsController. The POST body order value is passed directly into ORDER BY clauses without validation. id: CVE-2026-44381 info: name: MISP 2.5.37 - SQL Injection author: malcha severity: medium description: | MISP befo...
Joomla! Agora 3.0.0b - Local File Inclusion
Joomla! Agora 3.0.0b comagora allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php. id: CVE-2009-3053 info: name: Joomla! Agora 3.0.0b - Local File Inclusion author: daffainfo severit...