CVE-2026-9377 SourceCodester SUP Online Shopping productedit.php cross site scripting

A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation of the argument productName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...

CVE-2026-9377

A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation of the argument productName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is...

CVE-2026-9376

A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...

CVE-2026-9362 Edimax EW-7438RPn Setting formConnectionSetting command injection

A security vulnerability has been detected in Edimax EW-7438RPn 1.12. This vulnerability affects the function formConnectionSetting of the file /goform/formConnectionSetting of the component Setting Handler. Such manipulation of the argument maxConn/timeOut leads to command injection. The attack...

CVE-2026-9360 Edimax EW-7438RPn POST Request formwlencrypt24g buffer overflow

A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this issue is the function formwlencrypt24g of the file /goform/formwlencrypt24g of the component POST Request Handler. The manipulation of the argument key1 results in buffer overflow. The attack can be launched remotely...

CVE-2026-9360 Edimax EW-7438RPn POST Request formwlencrypt24g buffer overflow

A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this issue is the function formwlencrypt24g of the file /goform/formwlencrypt24g of the component POST Request Handler. The manipulation of the argument key1 results in buffer overflow. The attack can be launched remotely...

CVE-2026-9359 Edimax EW-7438RPn POST Request formHwSet command injection

A vulnerability was identified in Edimax EW-7438RPn 1.28a. Affected by this vulnerability is the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument...

EUVD-2026-31557

A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vulnerability is an unknown functionality of the file /goform/mp of the component webs. The manipulation of the argument webs results in stack-based buffer overflow. It is possible to launch the attack remotely. The explo...

CVE-2021-47967

PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, o...

CVE-2026-9347 Edimax EW-7438RPn webs formWizSurvey os command injection

A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mask/gateway leads to os command injection. It is possible to initiate the attack remotely. The explo...

CVE-2026-9345

The CVE concerns Edimax EW-7438RPn (firmware up to 1.31) in the webs component, specifically the formWizSurvey function located in /goform/formWizSurvey. The vulnerability arises from a buffer overflow triggered by manipulating arguments such as ssid, manualssid, ip, mask, or gateway. This is des...

CVE-2026-9344 Edimax EW-7438RPn webs formWpsStart stack-based overflow

A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The impacted element is an unknown function of the file /goform/formWpsStart of the component webs. Such manipulation of the argument pinCode/wlan-url leads to stack-based buffer overflow. The attack can be executed...

PT-2026-42971

Name of the Vulnerable Software and Affected Versions Edimax BR-6675nD version 1.12 Description A flaw in the POST Request Handler component allows for remote command injection. The issue exists within the formUSBStorage function located in the '/goform/formUSBStorage' endpoint. An attacker can...

PT-2026-42945

A vulnerability was found in Totolink A8000RU 7.1cu.643 b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument ip results in os command injection. The attack can be executed...

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.16 contained a security vulnerability. This vulnerability stemmed from unknown functions in the Slack Agent/Mattermost Agent components, which manipulated the...

SourceCodester Hospitals Patient Records Management System SQL注入漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a SQL injection vulnerability. This vulnerability arises from...

Ettercap 安全漏洞

Ettercap is an open-source suite designed to protect against man-in-the-middle attacks. It features sniffing of real-time connections and dynamic content filtering. Versions of Ettercap prior to 0.8.3 contained security vulnerabilities. These vulnerabilities stemmed from improper parameter handli...

Edimax BR-6675nD 安全漏洞

The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. A security vulnerability exists in the Edimax BR-6675nD version 1.12; this vulnerability stems from improper handling of the pptpUserName parameter in the POST Request Handler component...

Edimax BR-6675nD 命令注入漏洞

The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. Version 1.12 of the Edimax BR-6675nD contains a command injection vulnerability. This vulnerability stems from improper handling of the parameter “pinCode” in the POST Request Handler component...

itsourcecode Electronic Judging System SQL注入漏洞

itsourcecode Electronic Judging System is an open-source electronic referee system developed by itsourcecode. Version 1.0 of the itsourcecode Electronic Judging System has a SQL injection vulnerability. This vulnerability stems from improper handling of the Username parameter in the file...