105399 matches found
Edimax BR-6208AC 注入漏洞
The Edimax BR-6208AC is a wireless router produced by Edimax of Taiwan, China. Version 1.02 of the Edimax BR-6208AC has a vulnerability related to injection attacks. This vulnerability stems from the setWAN function in the L2TP Mode component, which processes the L2TPUserName parameter. This coul...
Wavlink WL-WN570HA1 注入漏洞
The Wavlink WL-WN570HA1 is a wireless network expansion device produced by the Chinese company Wavlink. The Wavlink WL-WN570HA1 R70HA1 V1410221110 version has a vulnerability related to command injection. This vulnerability stems from the operation of the parameter “Username” in the function...
Wavlink WL-WN570HA1 注入漏洞
The Wavlink WL-WN570HA1 is a wireless network expansion device produced by the Chinese company Wavlink. The Wavlink WL-WN570HA1 R70HA1 V1410221110 version has a vulnerability related to command injection. This vulnerability stems from the operation of the DDNS parameter in the function pingddns...
Dolibarr ERP CRM 注入漏洞
Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM 23.0.2 and earlier had a injection vulnerability. This vulnerability stemmed from the operation of the fields parameter in the checkValForAPI function of the Shipments API...
PT-2026-36722
Name of the Vulnerable Software and Affected Versions JD Cloud JDCOS version 4.5.1.r4518 Description A flaw in the Service Interface component allows remote command injection. The issue exists within the set iptv info function of the '/jdcap' file, where improper handling of the vid argument...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the parameter “pei” in the function...
PT-2026-36681
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submit nex form function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it...
youlai-boot 注入漏洞
Youlai-Boot is a permission management system open source by Youlaiorg in China. Versions of Youlai-Boot 2.21.1 and earlier had a injection vulnerability. This vulnerability originated from the function getUserList in the Users Endpoint component’s file...
PT-2026-36694
Name of the Vulnerable Software and Affected Versions Wavlink WL-WN570HA1 version R70HA1 V1410 221110 Description A command injection issue exists that allows remote attackers to execute arbitrary commands. The flaw is located in the set sys adm function within the '/cgi-bin/adm.cgi' endpoint,...
JD Cloud JDCOS 注入漏洞
JD Cloud JDCOS is a cloud object storage service provided by JD.com, a Chinese e-commerce company. The version JD Cloud JDCOS 4.5.1.r4518 contains a vulnerability due to an injection flaw in the Service Interface component. This flaw stems from the function setiptvinfo in the file/jdcap, which...
WordPress plugin Frontend File Manager Plugin 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is a...
crmeb_java 访问控制错误漏洞
crmebjava is an open-source e-commerce system developed by CRMEB. Versions of crmebjava 1.3.4 and earlier contained a access control vulnerability. This vulnerability stemmed from unknown code in the Admin Upload component, specifically in the...
Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 注入漏洞
Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System is a microgrid energy efficiency management system developed by Acrel Corporation. Version 1.3.0 of the Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System contains a SQL injection...
PT-2026-36696
Name of the Vulnerable Software and Affected Versions Wavlink WL-WN570HA1 version R70HA1 V1410 221110 Description A remote command injection issue exists in the ping ddns function within the '/cgi-bin/adm.cgi' endpoint. Manipulating the DDNS argument allows an attacker to execute arbitrary comman...
Tiandy Easy7 Integrated Management Platform 命令注入漏洞
Tiandy Easy7 Integrated Management Platform is a comprehensive video surveillance management platform developed by Tiandy Company in China. The version 7.17.0 of Tiandy Easy7 Integrated Management Platform contains a command injection vulnerability. This vulnerability stems from an unknown functi...
COCO Annotator 路径遍历漏洞
COCO Annotator is a web-based image annotation tool developed by Justin Brooks. It aims to provide versatility and efficient image annotation. Versions of COCO Annotator 0.11.1 and earlier contained a path traversal vulnerability. This vulnerability stemmed from an unknown function in the Data...
CVE-2026-7670 Jinher OA UserSel.aspx sql injection
A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...
Arbitrary Command Injection
Overview mcp-server-rijksmuseum is a Affected versions of this package are vulnerable to Arbitrary Command Injection via the openimageinbrowser function. An attacker can execute arbitrary operating system commands by manipulating the imageUrl argument remotely. Remediation There is no fixed versi...
CVE-2026-7632
A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...
CVE-2026-7633
A vulnerability was identified in Totolink N300RH 6.1c.1353B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to file inclusion. The attack may be performed from remote. The exploit is publicly available and mig...