CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/09 6:30 a.m.•72 views

CVE-2026-5853 Totolink A7100RU CGI cstecgi.cgi setIpv6LanCfg os command injection

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument addrPrefixLen leads to os command injection. The attack...

10CVSS0.14277EPSS

NVD•added 2026/04/09 6:16 a.m.•3 views

CVE-2026-5849

A vulnerability was determined in Tenda i12 1.0.0.113862. The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

9.8CVSS0.00632EPSS

Vulnrichment•added 2026/04/09 6:15 a.m.•2 views

CVE-2026-5852 Totolink A7100RU CGI cstecgi.cgi setIptvCfg os command injection

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument igmpVer causes os command injection. The attack is possible to be carried out remotely. The...

10CVSS6.9AI score0.14277EPSS

CVE•added 2026/04/09 6:15 a.m.•10 views

CVE-2026-5852

The CVE affects Totolink A7100RU with firmware 7.4cu.2313_b20191024, specifically the CGI component CGI Handler under /cgi-bin/cstecgi.cgi. The vulnerable function is setIptvCfg, where manipulating the igmpVer argument leads to an OS command injection. The issue is reachable remotely and, per the...

10CVSS6.9AI score0.14277EPSS

Vulnrichment•added 2026/04/09 5:30 a.m.•1 views

CVE-2026-5849 Tenda i12 HTTP path traversal

7.5CVSS6.8AI score0.00632EPSS

Cvelist•added 2026/04/09 5:30 a.m.•33 views

CVE-2026-5849 Tenda i12 HTTP path traversal

7.5CVSS0.00632EPSS

NVD•added 2026/04/09 5:16 a.m.•3 views

CVE-2026-5842

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS0.00313EPSS

Exploits0References8

NVD•added 2026/04/09 5:16 a.m.•2 views

CVE-2026-5841

A weakness has been identified in Tenda i3 1.0.0.62204. The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could b...

9.8CVSS0.00632EPSS

NVD•added 2026/04/09 5:16 a.m.•4 views

CVE-2026-5839

A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescription leads to sql injection. The attack may be launched remotely. The exploit is publicly availabl...

5.8CVSS0.00202EPSS

Vulnrichment•added 2026/04/09 5:15 a.m.•1 views

CVE-2026-5848 jeecgboot JimuReport Data Source testConnection DriverManager.getConnection code injection

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...

5.8CVSS5.6AI score0.00311EPSS

Cvelist•added 2026/04/09 5:15 a.m.•27 views

CVE-2026-5848 jeecgboot JimuReport Data Source testConnection DriverManager.getConnection code injection

5.8CVSS0.00311EPSS

CVE•added 2026/04/09 5:15 a.m.•12 views

CVE-2026-5848

CVE-2026-5848 affects jeecgboot JimuReport up to version 2.3.0. The vulnerability lies in the Data Source Handler’s testConnection path, specifically the function DriverManager.getConnection, where manipulating the argument dbUrl can lead to code injection. The issue can be exploited remotely and...

5.8CVSS5.6AI score0.00311EPSS

CVE•added 2026/04/09 4:30 a.m.•10 views

CVE-2026-5842

CVE-2026-5842 concerns decolua 9router (≤0.3.47) where the Administrative API Endpoint under /api can bypass authorization. The root cause is described as an unauthorized access vulnerability in an unknown function of the API endpoint, exploitable remotely. Public disclosure has occurred and the ...

7.5CVSS6.5AI score0.00313EPSS

Exploits0References8

Cvelist•added 2026/04/09 4:30 a.m.•25 views

CVE-2026-5842 decolua 9router Administrative API Endpoint api authorization

7.5CVSS0.00313EPSS

Exploits0References8

NVD•added 2026/04/09 4:17 a.m.•5 views

CVE-2026-5835

A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/adminfootball.php. Executing a manipulation of the argument productname can lead to cross site scripting. It is possible to launch the attack remotely. The...

4.8CVSS0.00206EPSS

NVD•added 2026/04/09 4:17 a.m.•4 views

CVE-2026-5836

4.8CVSS0.00206EPSS

NVD•added 2026/04/09 4:17 a.m.•3 views

CVE-2026-5834

A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/adminrunning.php. Performing a manipulation of the argument productname results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now publi...

4.8CVSS0.00206EPSS