PT-2026-42971

Name of the Vulnerable Software and Affected Versions Edimax BR-6675nD version 1.12 Description A flaw in the POST Request Handler component allows for remote command injection. The issue exists within the formUSBStorage function located in the '/goform/formUSBStorage' endpoint. An attacker can...

Tenda F456 安全漏洞

The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a security vulnerability. This vulnerability stems from improper handling of the parameter “page” in the function frmL7ImForm located in the file/goform/L7Im. It may lead to a...

Edimax EW-7438RPn 命令注入漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Version 1.12 of the Edimax EW-7438RPn contains a command injection vulnerability. This vulnerability stems from improper handling of the parameter “method” in the function formEZCHNwlanSetup of the component...

SourceCodester SUP Online Shopping 代码注入漏洞

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping contains a code injection vulnerability. This vulnerability arises from improper handling of the productName parameter in the file...

TOTOLINK A8000RU 操作系统命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a vulnerability related to operating system command injection. This vulnerability stems from improper handling of the resetFlags parameter in the function...

cal.diy 访问控制错误漏洞

cal.diy is an open-source calendar scheduling platform developed by Cal. Versions of cal.diy 4.9.4 and earlier contain a security vulnerability related to access control. This vulnerability stems from the getServerSideProps function in the Generic React API component file...

Edimax EW-7438RPn 命令注入漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. The Edimax EW-7438RPn version 1.28a has a command injection vulnerability. This vulnerability stems from improper handling of parameters such as...

Projectworlds Online Art Gallery Shop SQL注入漏洞

Projectworlds Online Art Gallery Shop is an online art gallery store open source by Projectworlds. Version 1.0 of Projectworlds Online Art Gallery Shop has a SQL injection vulnerability. This vulnerability stems from improper handling of the parameter sociallinked in the file admin/adminHome.php,...

Edimax BR-6675nD 命令注入漏洞

The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. Version 1.12 of the Edimax BR-6675nD contains a command injection vulnerability. This vulnerability stems from improper handling of the parameter “pinCode” in the POST Request Handler component...

Edimax BR-6675nD 安全漏洞

The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. A security vulnerability exists in the Edimax BR-6675nD version 1.12; this vulnerability stems from improper handling of the pptpUserName parameter in the POST Request Handler component...

itsourcecode Electronic Judging System SQL注入漏洞

itsourcecode Electronic Judging System is an open-source electronic referee system developed by itsourcecode. Version 1.0 of the itsourcecode Electronic Judging System has a SQL injection vulnerability. This vulnerability stems from improper handling of the Username parameter in the file...

TOTOLINK A8000RU 操作系统命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains an operating system command injection vulnerability. This vulnerability stems from improper handling of the provider parameter in the setDdnsCfg function of the...

PT-2026-42945

A vulnerability was found in Totolink A8000RU 7.1cu.643 b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument ip results in os command injection. The attack can be executed...

Prefect 参数注入漏洞

Prefect is a workflow orchestration tool developed by Prefect OpenSource, enabling developers to build, monitor data pipelines, and respond to them. Version 3.6.18 of Prefect contains a parameter injection vulnerability. This vulnerability stems from the reference field in the GitHubRepository...

TOTOLINK A8000RU 操作系统命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a vulnerability related to operating system command injection. This vulnerability stems from improper handling of the parameter “lang” in the function...

PT-2026-42918

Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn version 1.28a Description A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists in the formwlencrypt24g function within the '/goform/formwlencrypt24g' endpoint when manipulating...

Ettercap 安全漏洞

Ettercap is an open-source suite designed to protect against man-in-the-middle attacks. It features sniffing of real-time connections and dynamic content filtering. Versions of Ettercap prior to 0.8.3 contained security vulnerabilities. These vulnerabilities stemmed from improper parameter handli...

PT-2026-42944

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

Edimax EW-7438RPn 命令注入漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Version 1.12 of the Edimax EW-7438RPn contains a command injection vulnerability. This vulnerability stems from improper handling of the parameter submit-url in the formAccept function of the component POST...

SourceCodester Hospitals Patient Records Management System SQL注入漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a SQL injection vulnerability. This vulnerability arises from...