Lucene search
K

41188 matches found

Vulnrichment
Vulnrichment
added 2026/03/31 2:0 a.m.2 views

CVE-2026-5177 Totolink A3300R cstecgi.cgi setWiFiBasicCfg command injection

A weakness has been identified in Totolink A3300R 17.0.0cu.557b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument rxRate can lead to command injection. The attack may be launched remotely. The exploit...

6.5CVSS6.4AI score0.02404EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/31 2:0 a.m.28 views

CVE-2026-5177 Totolink A3300R cstecgi.cgi setWiFiBasicCfg command injection

A weakness has been identified in Totolink A3300R 17.0.0cu.557b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument rxRate can lead to command injection. The attack may be launched remotely. The exploit...

6.5CVSS0.02404EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/31 1:15 a.m.1 views

CVE-2026-5176 Totolink A3300R cstecgi.cgi setSyslogCfg command injection

A security flaw has been discovered in Totolink A3300R 17.0.0cu.557b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provided results in command injection. The attack may be initiated remotely. The exploit has been release...

7.5CVSS5.7AI score0.01932EPSS
Exploits1References5
CVE
CVE
added 2026/03/31 1:15 a.m.12 views

CVE-2026-5176

CVE-2026-5176 affects Totolink A3300R (firmware 17.0.0cu.557_b20221024). The vulnerability is in the function setSyslogCfg of /cgi-bin/cstecgi.cgi, where manipulating an argument enables command injection. Impact is remote and notable across confidentiality, integrity, and availability; exploitat...

9.8CVSS6.8AI score0.01932EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/03/31 12:31 a.m.1 views

EUVD-2026-17253

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument custid leads to cross site scripting. The attack may be performed from remote. The exploit ...

5.3CVSS4.3AI score0.00337EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/31 12:31 a.m.2 views

EUVD-2026-17249

A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component Parameter Handler. The manipulation of the argument wanmode results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been mad...

9CVSS7.8AI score0.00773EPSS
Exploits1References6
EUVD
EUVD
added 2026/03/31 12:31 a.m.3 views

EUVD-2026-17243

A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

6.5CVSS5.7AI score0.03EPSS
Exploits1References6
NVD
NVD
added 2026/03/31 12:16 a.m.6 views

CVE-2026-5157

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument custid leads to cross site scripting. The attack may be performed from remote. The exploit ...

5.3CVSS0.00337EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.5 views

PT-2026-29368

Name of the Vulnerable Software and Affected Versions D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link...

9CVSS7.4AI score0.00715EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.7 views

PT-2026-29200

A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub 421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead to command injection. It is possible to launch the attack remotely. The exploit has been publicly...

6.5CVSS5.6AI score0.05126EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.4 views

PT-2026-29187

A weakness has been identified in Totolink A3300R 17.0.0cu.557 b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument rxRate can lead to command injection. The attack may be launched remotely. The exploi...

6.5CVSS5.7AI score0.02404EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.10 views

PT-2026-29296

A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such manipulation of the argument url leads to server-side request forgery. The attack can be launched...

6.5CVSS5.6AI score0.00259EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.6 views

PT-2026-29347

Name of the Vulnerable Software and Affected Versions D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link...

9CVSS7.5AI score0.00737EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.5 views

PT-2026-29410

A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affects an unknown part of the file /admin state.php. The manipulation of the argument statename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

5.3CVSS4.2AI score0.0033EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.3 views

PT-2026-29190

A flaw has been found in SourceCodester Simple Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=login2. This manipulation of the argument email causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

7.5CVSS5.8AI score0.00325EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.5 views

PT-2026-29321

A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects unknown code of the component Payment Handler. The manipulation of the argument Payment id/Amount/customer id/payment type/customer name leads to sql injection. Remote...

6.5CVSS5.7AI score0.00192EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.4 views

PT-2026-29409

A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /view employee.php of the component Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.4 views

PT-2026-33160

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.101 Description A use after free issue in FileSystem allows a remote attacker to potentially exploit object corruption via a crafted HTML page. Use after free is a memory corruption flaw that occurs...

10CVSS5.7AI score0.00372EPSS
Exploits0References41
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.4 views

PT-2026-29216

A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /delete user.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...

6.5CVSS5.8AI score0.00192EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/31 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-5123

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation ...

6.3CVSS5.3AI score0.00409EPSS
Exploits0References3
Rows per page
Query Builder