CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/25 9:45 a.m.•11 views

CVE-2026-9447

7.5CVSS6.9AI score0.00319EPSS

Vulnrichment•added 2026/05/25 9:30 a.m.•8 views

CVE-2026-9446 SourceCodester Simple POS and Inventory System edit_customer.php sql injection

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/editcustomer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...

EUVD•added 2026/05/25 9:30 a.m.•17 views

EUVD-2026-31660

ATTACKERKB•added 2026/05/25 9:30 a.m.•10 views

CVE-2026-9446

Vulnrichment•added 2026/05/25 9:0 a.m.•8 views

CVE-2026-9444 SourceCodester Simple POS and Inventory System GET Parameter deleteproduct.php delete sql injection

A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be launched remotely...

Cvelist•added 2026/05/25 9:0 a.m.•35 views

CVE-2026-9444 SourceCodester Simple POS and Inventory System GET Parameter deleteproduct.php delete sql injection

5.8CVSS0.00258EPSS

EUVD•added 2026/05/25 9:0 a.m.•11 views

EUVD-2026-31657

CVE•added 2026/05/25 8:45 a.m.•18 views

CVE-2026-9443

The CVE-2026-9443 vulnerability affects Edimax BR-6478AC 1.23, specifically the POST Request Handler’s formL2TPSetup function. Buffer overflow is triggered via manipulating the L2TPUserName argument in /goform/formL2TPSetup. Attack surface is network-exposed and low privileges are required, with ...

9CVSS7.8AI score0.00589EPSS

EUVD•added 2026/05/25 8:30 a.m.•10 views

EUVD-2026-31653

A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. Executing a manipulation of the argument selSSID can lead to buffer overflow. The attack can be launched remotely. Th...

9CVSS7.8AI score0.00589EPSS

NVD•added 2026/05/25 8:16 a.m.•12 views

CVE-2026-9438

A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from...

5.5CVSS0.00324EPSS

EUVD•added 2026/05/25 8:0 a.m.•13 views

EUVD-2026-31651

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack...

6.5CVSS6.5AI score0.01364EPSS

Vulnrichment•added 2026/05/25 7:30 a.m.•6 views

CVE-2026-9438 yashpokharna2555 StudentManagementSystem courseDel.php resource injection

5.5CVSS5.7AI score0.00324EPSS

NVD•added 2026/05/25 7:16 a.m.•9 views

CVE-2026-9431

A vulnerability was identified in Tenda F1202 1.2.0.20408. This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd. The manipulation of the argument opttype leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be...

9CVSS0.00438EPSS

EUVD•added 2026/05/25 7:15 a.m.•16 views

EUVD-2026-31645

A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may ...

6.5CVSS6.2AI score0.01364EPSS

ATTACKERKB•added 2026/05/25 6:30 a.m.•11 views

CVE-2026-9434

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument wscDisabled leads to os command injection. The attack may be...

10CVSS7AI score0.01732EPSS

EUVD•added 2026/05/25 6:15 a.m.•14 views

EUVD-2026-31641

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument enable causes os command injection. The attack may be initiated...

10CVSS5.6AI score0.01732EPSS

Vulnrichment•added 2026/05/25 6:0 a.m.•7 views

CVE-2026-9432 Totolink A8000RU Web Management cstecgi.cgi setWiFiAdvancedCfg os command injection

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument bgProtection results in os command injection. The...

10CVSS7AI score0.01732EPSS

ATTACKERKB•added 2026/05/25 6:0 a.m.•8 views

CVE-2026-9432

10CVSS7AI score0.01732EPSS

EUVD•added 2026/05/25 5:45 a.m.•13 views

EUVD-2026-31639

9CVSS6.4AI score0.00438EPSS