
105396 matches found

NVD
added 2026/05/03 7:16 a.m., 15 views

CVE-2026-7682

A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit ha...

CVSS 6.5, EPSS 0.01158
Exploits 0, References 4
Vulnrichment
added 2026/05/03 7:0 a.m., 4 views

CVE-2026-7685 Edimax BR-6208AC setWAN buffer overflow

A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor...

CVSS 9, AI score 7.7, EPSS 0.00481
Exploits 0, References 4
Vulnrichment
added 2026/05/03 6:45 a.m., 4 views

CVE-2026-7684 Edimax BR-6428nC setWAN buffer overflow

A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be...

CVSS 9, AI score 7.7, EPSS 0.00481
Exploits 0, References 4
EUVD
added 2026/05/03 6:30 a.m., 14 views

EUVD-2026-26821

A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has bee...

CVSS 6.5, AI score 5.5, EPSS 0.01543
Exploits 0, References 6
Cvelist
added 2026/05/03 6:30 a.m., 42 views

CVE-2026-7683 Edimax BR-6428nC Web setWAN command injection

A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has bee...

CVSS 6.5, EPSS 0.01543
Exploits 0, References 6
ATTACKERKB
added 2026/05/03 6:0 a.m., 5 views

CVE-2026-5337

During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...

AI score 5.8, EPSS 0.00212
Exploits 0, References 1
EUVD
added 2026/05/03 6:0 a.m., 5 views

EUVD-2026-26818

During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...

AI score 5.8, EPSS 0.00212
Exploits 0, References 1
CVE
added 2026/05/03 4:25 a.m., 19 views

CVE-2026-5063

Affected software: NEX-Forms – Ultimate Forms Plugin for WordPress. Vulnerable component/function: submit_nex_form() in versions up to and including 9.1.11. Root cause: insufficient input sanitization and output escaping. Impact: unauthenticated stored Cross-Site Scripting via POST parameter key ...

CVSS 7.2, AI score 6, EPSS 0.00243
Exploits 0, References 2
Cvelist
added 2026/05/03 4:25 a.m., 53 views

CVE-2026-5063 NEX-Forms <= 9.1.11 - Unauthenticated Stored Cross-Site Scripting via POST Parameter Key Names

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submit_nex_form function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it...

CVSS 7.2, EPSS 0.00243
Exploits 0, References 2
EUVD
added 2026/05/03 3:0 a.m., 16 views

EUVD-2026-26810

A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java of the component Tool Download Endpoint. The manipulation of the argument...

CVSS 5.3, AI score 5.4, EPSS 0.00365
Exploits 0, References 4
CVE
added 2026/05/03 3:0 a.m., 25 views

CVE-2026-7676

CVE-2026-7676 affects kerwincui FastBee up to version 1.2.1. The vulnerability resides in ToolController.download (springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java) where manipulation of the fileName argument enables path traversal. The issue is exploitabl...

CVSS 5.3, AI score 5.4, EPSS 0.00365
Exploits 0, References 4
Positive Technologies
added 2026/05/03 12:0 a.m., 10 views

PT-2026-36701

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The attack can be executed...

CVSS 7.5, AI score 6.9, EPSS 0.01655
Exploits 0, References 5
CNNVD
added 2026/05/03 12:0 a.m., 8 views

Edimax BR-6428nC injection vulnerability

The Edimax BR-6428nC is a multi-functional wireless broadband router produced by Edimax Corporation. Versions of Edimax BR-6428nC prior to 1.16 contained a vulnerability. This vulnerability stemmed from an unknown function in the component’s Web Interface, specifically the file /goform/setWAN, whi...

CVSS 6.5, AI score 6.6, EPSS 0.01543
Exploits 0, References 2
Positive Technologies
added 2026/05/03 12:0 a.m., 9 views

PT-2026-36677

A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java of the component Tool Download Endpoint. The manipulation of the argument...

CVSS 5.3, AI score 5.4, EPSS 0.00365
Exploits 0, References 5
Positive Technologies
added 2026/05/03 12:0 a.m., 10 views

PT-2026-45127

Name of the Vulnerable Software and Affected Versions Edimax BR-6478AC version 1.23 Description A stack-based buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the formPPPoESetup function located in the /goform/formPPPoESetup file, where...

CVSS 9, AI score 8.3, EPSS 0.00447
Exploits 0, References 11
CNNVD
added 2026/05/03 12:0 a.m., 7 views

Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform injection vulnerability

Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform is a power operation and maintenance cloud platform developed by Acrel Corporation. Version 1.3.0 of the Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform contains a SQL injection...

CVSS 7.5, AI score 7.2, EPSS 0.00343
Exploits 0, References 2
CNNVD
added 2026/05/03 12:0 a.m., 13 views

FastBee path traversal vulnerability

FastBee is an open-source IoT platform developed by FastBee in China. Versions of FastBee 1.2.1 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the operation of the ToolController.download function in the Tool Download Endpoint component, which handled the...

CVSS 5.3, AI score 5.8, EPSS 0.00365
Exploits 0, References 2
CNNVD
added 2026/05/03 12:0 a.m., 9 views

Edimax BR-6208AC injection vulnerability

The Edimax BR-6208AC is a wireless router produced by Edimax of Taiwan, China. Version 1.02 of the Edimax BR-6208AC has a vulnerability related to injection attacks. This vulnerability stems from the setWAN function in the L2TP Mode component, which processes the L2TPUserName parameter. This coul...

CVSS 6.5, AI score 6.6, EPSS 0.01158
Exploits 0, References 2
CNNVD
added 2026/05/03 12:0 a.m., 8 views

Wavlink WL-WN570HA1 injection vulnerability

The Wavlink WL-WN570HA1 is a wireless network expansion device produced by the Chinese company Wavlink. The Wavlink WL-WN570HA1 R70HA1 V1410221110 version has a vulnerability related to command injection. This vulnerability stems from the operation of the parameter “Username” in the function...

CVSS 9.8, AI score 6.6, EPSS 0.04971
Exploits 1, References 2
CNNVD
added 2026/05/03 12:0 a.m., 10 views

Wavlink WL-WN570HA1 injection vulnerability

The Wavlink WL-WN570HA1 is a wireless network expansion device produced by the Chinese company Wavlink. The Wavlink WL-WN570HA1 R70HA1 V1410221110 version has a vulnerability related to command injection. This vulnerability stems from the operation of the DDNS parameter in the function pingddns...

CVSS 6.5, AI score 6.6, EPSS 0.03191
Exploits 1, References 2