CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/25 1:15 p.m.•19 views

CVE-2026-9461

Edimax EW-7438RPn (v1.31) is affected by a stack-based overflow in the formRadius function located in /goform/formRadius. The vulnerability is triggered by manipulating the submit-url argument, enabling a remote attacker to exploit it. Public exploit details exist, and the vendor was contacted bu...

9CVSS7.8AI score0.00751EPSS

Vulnrichment•added 2026/05/25 1:0 p.m.•7 views

CVE-2026-9460 Edimax EW-7438RPn formAccept stack-based overflow

A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made...

9CVSS7.9AI score0.00751EPSS

Cvelist•added 2026/05/25 12:45 p.m.•34 views

CVE-2026-9459 Edimax EW-7438RPn formConnectionSetting stack-based overflow

A security flaw has been discovered in Edimax EW-7438RPn 1.31. This affects the function formConnectionSetting of the file /goform/formConnectionSetting. Performing a manipulation of the argument maxConn/timeOut results in stack-based buffer overflow. It is possible to initiate the attack remotel...

9CVSS0.00751EPSS

Cvelist•added 2026/05/25 12:30 p.m.•32 views

CVE-2026-9458 Totolink A8000RU Web Management cstecgi.cgi setWanCfg os command injection

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument enabled leads to os command injection. The attack may be performed fr...

10CVSS0.02135EPSS

ATTACKERKB•added 2026/05/25 12:15 p.m.•7 views

CVE-2026-9457

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possible...

10CVSS7AI score0.02094EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2026/05/25 12:15 p.m.•7 views

CVE-2026-9457 Totolink A8000RU Web Management cstecgi.cgi UploadFirmwareFile os command injection

10CVSS7AI score0.02094EPSS

Cvelist•added 2026/05/25 12:0 p.m.•31 views

CVE-2026-9456 Totolink A8000RU Web Management cstecgi.cgi setOpenVpnCfg os command injection

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enabled results in os command injection. The attack can be executed remotely. The...

10CVSS0.02135EPSS

CVE•added 2026/05/25 11:45 a.m.•17 views

CVE-2026-9455

CVE-2026-9455 affects Totolink A8000RU Web Management, specifically the UploadOpenVpnCert function in /cgi-bin/cstecgi.cgi. The vulnerability stems from manipulating the FileName argument, causing a remote OS command injection with network access, and a public exploit is indicated (exploit maturi...

10CVSS6.9AI score0.02135EPSS

Cvelist•added 2026/05/25 11:15 a.m.•34 views

CVE-2026-9453 FoundDream miniclawd SkillsLoader skills-loader.ts which command injection

A vulnerability was detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. This affects the function which of the file /src/application/skills-loader.ts of the component SkillsLoader. Performing a manipulation of the argument requires.bins results in command injection. T...

7.5CVSS0.01549EPSS

ATTACKERKB•added 2026/05/25 11:15 a.m.•8 views

CVE-2026-9453

7.5CVSS6.8AI score0.01549EPSS

EUVD•added 2026/05/25 11:15 a.m.•10 views

EUVD-2026-31671

7.5CVSS5.6AI score0.01549EPSS

Vulnrichment•added 2026/05/25 11:15 a.m.•7 views

CVE-2026-9453 FoundDream miniclawd SkillsLoader skills-loader.ts which command injection

7.5CVSS6.8AI score0.01549EPSS

CVE•added 2026/05/25 11:15 a.m.•16 views

CVE-2026-9453

Technical details (affected products, versions, root cause, exploit specifics) are not publicly available in the provided documents. Monitor for updates.

7.5CVSS6.8AI score0.01549EPSS

CVE•added 2026/05/25 11:0 a.m.•16 views

CVE-2026-9452

FoundDream miniclawd contains a vulnerability in ExecTool.execute (file /src/tools/exec.ts) that allows os command injection via remote input. The CVE-2026-9452 entry notes no software versioning and that affected/unaffected releases are unavailable, with public exploit disclosure and a proof-of-...

7.5CVSS6.7AI score0.01549EPSS

EUVD•added 2026/05/25 10:45 a.m.•6 views

EUVD-2026-31666

A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has...

Vulnrichment•added 2026/05/25 10:45 a.m.•6 views

CVE-2026-9451 code-projects Employee Management System applyleaveprocess.php sql injection

ATTACKERKB•added 2026/05/25 10:45 a.m.•7 views

CVE-2026-9451

Exploits0References5Affected Software1

CVE•added 2026/05/25 10:30 a.m.•13 views

CVE-2026-9450

The CVE-2026-9450 entry concerns code-projects Employee Management System 1.0. A SQL injection vulnerability exists in /psubmit.php via the pid parameter. The issue is exploitable remotely, with exploitation maturity listed as PROOF-OF-CONCEPT. Affected component/function is unknown beyond /psubm...