41007 matches found

ATTACKERKB
added 2026/05/26 12:45 p.m., 13 views

CVE-2026-9544

A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. The attack is possible...

7.5 CVSS, 6.8 AI score, 0.00259 EPSS
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2026/05/26 12:45 p.m., 14 views

CVE-2026-9544

CVE-2026-9544 affects Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. An unknown functionality in the file /api/Dinner/PayConfig is vulnerable: manipulating the argument tableno enables SQL injection. The issue can be exploited remotely and the exploit is public. Vendo...

7.5 CVSS, 6.8 AI score, 0.00259 EPSS
Exploits: 0, References: 4
Cvelist
added 2026/05/26 12:30 p.m., 40 views

CVE-2026-9543 Totolink N300RH Web Management cstecgi.cgi setPasswordCfg os command injection

A vulnerability has been found in Totolink N300RH 6.1c.1353B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. T...

10 CVSS, 0.02133 EPSS
Exploits: 0, References: 5
Cvelist
added 2026/05/26 12:0 p.m., 37 views

CVE-2026-9542 CodeAstro Leave Management System add_staff.php sql injection

A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/add_staff.php. Executing a manipulation of the argument email_id can lead to sql injection. The attack can be launched remotely. The exploit has been made availabl...

6.5 CVSS, 0.00196 EPSS
Exploits: 0, References: 5
EUVD
added 2026/05/26 12:0 p.m., 10 views

EUVD-2026-31815

A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/add_staff.php. Executing a manipulation of the argument email_id can lead to sql injection. The attack can be launched remotely. The exploit has been made availabl...

6.5 CVSS, 6.5 AI score, 0.00196 EPSS
Exploits: 0, References: 5
CVE
added 2026/05/26 12:0 p.m., 15 views

CVE-2026-9542

CodeAstro Leave Management System 1.0 has a SQL injection vulnerability in /admin/add_staff.php via manipulating the email_id parameter. The issue arises from an as‑yet unnamed function and is exploitable remotely, with public exploits available. CVSS metrics are provided (e.g., COND/PR/L impacts...

6.5 CVSS, 6.5 AI score, 0.00196 EPSS
Exploits: 0, References: 5
Cvelist
added 2026/05/26 10:30 a.m., 41 views

CVE-2026-9540 vllm-project vllm OpenAI-compatible Serving Path denial of service

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.9 CVSS, 0.00427 EPSS
Exploits: 0, References: 7
CVE
added 2026/05/26 10:30 a.m., 33 views

CVE-2026-9540

CVE-2026-9540 affects vllm-project vllm 0.19.0, specifically an issue in the OpenAI-compatible Serving Path that allows remote manipulation leading to a denial of service. The vulnerability’s exploitation is described as publicly available, with a pull request to fix it awaiting acceptance. CVSS ...

6.9 CVSS, 5.8 AI score, 0.00427 EPSS
Exploits: 0, References: 7
NVD
added 2026/05/26 7:16 a.m., 9 views

CVE-2026-9534

A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack remotely. The...

6.5 CVSS, 0.01803 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2026/05/26 6:51 a.m., 10 views

gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

7.5 CVSS, 6.1 AI score, 0.01217 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2026/05/26 6:45 a.m., 11 views

CVE-2026-8046 Incorrect Authorization in CODESYS Control

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...

8.1 CVSS, 5.8 AI score, 0.00348 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2026/05/26 6:40 a.m., 10 views

gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

7.5 CVSS, 6.1 AI score, 0.01217 EPSS
Exploits: 0, References: 4
EUVD
added 2026/05/26 5:30 a.m., 11 views

EUVD-2026-31796

A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack remotely. The...

6.5 CVSS, 6.4 AI score, 0.01803 EPSS
Exploits: 0, References: 5
CVE
added 2026/05/26 5:30 a.m., 27 views

CVE-2026-9534

Summary: Totolink CA750-PoE firmware 6.2c.510 is affected by a vulnerability in the Setting Handler (file /cgi-bin/cstecgi.cgi, function setWiFiWpsConfig). A manipulation of the PIN argument can lead to an OS command injection, and the attack can be launched remotely. The exploit has been publish...

6.5 CVSS, 6.4 AI score, 0.01803 EPSS
Exploits: 0, References: 5
Vulnrichment
added 2026/05/26 5:0 a.m., 11 views

CVE-2026-9532 Totolink CA750-PoE Setting cstecgi.cgi setUploadUserData os command injection

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The attack may be performe...

6.5 CVSS, 6.3 AI score, 0.01803 EPSS
Exploits: 0, References: 5
CVE
added 2026/05/26 5:0 a.m., 20 views

CVE-2026-9532

CVE-2026-9532 affects Totolink CA750-PoE 6.2c.510. The vulnerability lies in the function setUploadUserData of the file /cgi-bin/cstecgi.cgi in the Setting Handler, where manipulation of the argument FileName leads to an OS command injection. The issue is reported as exploitable from remote with the exploit ...

6.5 CVSS, 6.3 AI score, 0.01803 EPSS
Exploits: 0, References: 5
EUVD
added 2026/05/26 5:0 a.m., 12 views

EUVD-2026-31794

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The attack may be performe...

6.5 CVSS, 6.3 AI score, 0.01803 EPSS
Exploits: 0, References: 5
ATTACKERKB
added 2026/05/26 4:45 a.m., 7 views

CVE-2026-9531

A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The...

6.5 CVSS, 6.4 AI score, 0.01803 EPSS
Exploits: 0, References: 5, Affected Software: 1
Vulnrichment
added 2026/05/26 4:45 a.m., 8 views

CVE-2026-9531 Totolink CA750-PoE Setting cstecgi.cgi setUpgradeUboot os command injection

A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The...

6.5 CVSS, 6.4 AI score, 0.01803 EPSS
Exploits: 0, References: 5
NVD
added 2026/05/26 4:16 a.m., 16 views

CVE-2026-9523

A vulnerability was detected in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. Affected by this vulnerability is an unknown functionality of the file /SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree. Performing a manipulation of the argument...

7.5 CVSS, 0.0033 EPSS
Exploits: 0, References: 4