Lucene search
K

7803 matches found

CVE
CVE
added 6 days ago12 views

CVE-2026-13564

Summary: CVE-2026-13564 affects Edimax EW-7478APC firmware 1.04, specifically the POST Request Handler’s formPPPoESetup function. Manipulating the pppUserName argument triggers a stack-based buffer overflow, enabling remote attacker access. Public exploit reportedly exists and the vendor did not ...

9CVSS7.9AI score0.00751EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-13563 Edimax EW-7478APC POST Request formL2TPSetup stack-based overflow

A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to stack-based buffer overflow. It is possible to launch the attack...

9CVSS0.00445EPSS
Exploits0References5
CVE
CVE
added 6 days ago8 views

CVE-2026-13563

Edimax EW-7478APC (firmware 1.04) is affected in the POST Request Handler, specifically the formL2TPSetup function of /goform/formL2TPSetup. Manipulation of the L2TPUserName argument leads to a stack-based buffer overflow, enabling remote exploitation. Public exploit details exist, and the vendor...

9CVSS7.8AI score0.00445EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-13562 Edimax EW-7478APC POST Request formiNICSiteSurvey buffer overflow

A flaw has been found in Edimax EW-7478APC 1.04. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. This manipulation of the argument selSSID causes buffer overflow. It is possible to initiate the attack remotely. The exploit...

9CVSS0.00445EPSS
Exploits0References5
CVE
CVE
added 6 days ago11 views

CVE-2026-13562

The CVE concerns Edimax EW-7478APC 1.04, impacting the formiNICSiteSurvey function in /goform/formiNICSiteSurvey of the POST Request Handler. The root cause is a buffer overflow triggered by manipulating the selSSID argument, allowing remote initiation of an attack. This CVE has a published explo...

9CVSS7.5AI score0.00445EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-40072

A vulnerability was detected in Edimax EW-7478APC 1.04. The impacted element is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack may be performed from remote...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-13561 Edimax EW-7478APC POST Request formiNICbasic os command injection

A vulnerability was detected in Edimax EW-7478APC 1.04. The impacted element is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack may be performed from remote...

6.5CVSS0.01158EPSS
Exploits0References5
CVE
CVE
added 6 days ago10 views

CVE-2026-13561

Edimax EW-7478APC 1.04 is affected by CVE-2026-13561 in the formiNICbasic function of /goform/formiNICbasic within the POST Request Handler. The rootAPmac argument can be manipulated to achieve OS command injection, with remote execution possible as per the description. The exploit is public and ...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-13560 Edimax EW-7478APC POST Request formAccept os command injection

A security vulnerability has been detected in Edimax EW-7478APC 1.04. The affected element is the function formAccept of the file /goform/formAccept of the component POST Request Handler. The manipulation of the argument submit-url leads to os command injection. The attack is possible to be carri...

6.5CVSS0.01158EPSS
Exploits0References5
CVE
CVE
added 6 days ago11 views

CVE-2026-13560

Summary : CVE-2026-13560 affects Edimax EW-7478APC (firmware 1.04). The vulnerable component is the POST Request Handler’s /goform/formAccept function, where manipulating the argument submit-url enables an OS command injection . The attack is remote and the exploit has been disclosed publicly. Th...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References5
NVD
NVD
added 6 days ago10 views

CVE-2026-13557

A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. This vulnerability affects unknown code of the file /admin/modroom/controller.php?action=add of the component POST Request Handler. Such manipulation of the argument Name leads to cross site scripting. The attack m...

5.3CVSS0.00443EPSS
Exploits0References6
NVD
NVD
added 6 days ago6 views

CVE-2026-13556

A vulnerability was determined in itsourcecode Online Hotel Management System 1.0. This affects an unknown part of the file /admin/modusers/controller.php?action=edit of the component POST Request Handler. This manipulation of the argument Name causes cross site scripting. The attack may be...

5.3CVSS0.00443EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-40061

A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. This vulnerability affects unknown code of the file /admin/modroom/controller.php?action=add of the component POST Request Handler. Such manipulation of the argument Name leads to cross site scripting. The attack m...

5.3CVSS4.2AI score0.00443EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-13557 itsourcecode Online Hotel Management System POST Request controller.php add cross site scripting

A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. This vulnerability affects unknown code of the file /admin/modroom/controller.php?action=add of the component POST Request Handler. Such manipulation of the argument Name leads to cross site scripting. The attack m...

5.3CVSS0.00443EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-13556 itsourcecode Online Hotel Management System POST Request controller.php edit cross site scripting

A vulnerability was determined in itsourcecode Online Hotel Management System 1.0. This affects an unknown part of the file /admin/modusers/controller.php?action=edit of the component POST Request Handler. This manipulation of the argument Name causes cross site scripting. The attack may be...

5.3CVSS0.00443EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-53251

Name of the Vulnerable Software and Affected Versions Edimax EW-7478APC version 1.04 Description An OS command injection flaw exists in the POST Request Handler component. A remote attacker can exploit this by manipulating the submit-url argument within the formAccept function of the...

6.5CVSS7AI score0.01158EPSS
Exploits0References9
OSV
OSV
added 2026/06/27 3:48 a.m.6 views

MAL-2026-6545 Malicious code in crossmint-wallets-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dd4caebfba35b43bf10f156fe687f455e95b09a514b8644fe1a900b63f1bf78a Package name impersonates the Crossmint wallet SDK family. Both preinstall.js and index.js import childprocess, capture host identifiers hostname is...

5.8AI score
Exploits0References2
CVE
CVE
added 2026/06/26 6:56 p.m.15 views

CVE-2026-52784

CVE-2026-52784 (OpenProject) is a CSRF vulnerability in OpenProject’s web UI. The issue allows CSRF on a user-targeted action via POST to /users/:id with the parameter user[admin], enabling unauthorized state changes without user interaction. Affected software versions are prior to 17.3.3 and 17....

8.8CVSS5.8AI score0.00163EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 9:16 p.m.9 views

CVE-2026-11820

A flaw was found in the community.general Ansible collection's nexmo module. The module constructs HTTP requests to the Vonage/Nexmo SMS API by encoding API credentials apikey and apisecret into URL query parameters and sending them via GET requests. This causes credentials to be exposed in web...

6.5CVSS0.00287EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 7:53 p.m.31 views

CVE-2026-11820 Community.general: community.general nexmo — api credentials exposed in get url query string[security] community.general nexmo — api credentials exposed in get url query string

A flaw was found in the community.general Ansible collection's nexmo module. The module constructs HTTP requests to the Vonage/Nexmo SMS API by encoding API credentials apikey and apisecret into URL query parameters and sending them via GET requests. This causes credentials to be exposed in web...

6.5CVSS0.00287EPSS
Exploits0References2
Rows per page
Query Builder