41192 matches found

CVE
added 2026/03/30 4:0 a.m. | 19 views

CVE-2026-5106

Affects code-projects Exam Form Submission 1.0. The vulnerability lies in the file /admin/update_fst.php, where manipulating the sname argument can cause cross-site scripting (XSS). It can be triggered remotely and an exploit has been published. The connected documents do not provide a specific C...

4.8 CVSS | 4.2 AI score | 0.00191 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2026/03/30 3:15 a.m. | 15 views

CVE-2026-5104

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed...

8.8 CVSS | 0.02483 EPSS
Exploits: 1 | References: 5

Vulnrichment
added 2026/03/30 3:0 a.m. | 1 view

CVE-2026-5105 Totolink A3300R Parameter cstecgi.cgi setVpnPassCfg command injection

A vulnerability was detected in Totolink A3300R 17.0.0cu.557b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to...

6.5 CVSS | 5.7 AI score | 0.03674 EPSS
Exploits: 1 | References: 5

NVD
added 2026/03/30 2:16 a.m. | 4 views

CVE-2026-5103

A weakness has been identified in Totolink A3300R 17.0.0cu.557b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable causes command injection. The attack is possible to be carried out remotely. The exploit has been made...

8.8 CVSS | 0.03638 EPSS
Exploits: 1 | References: 5

Cvelist
added 2026/03/30 2:0 a.m. | 31 views

CVE-2026-5104 Totolink A3300R cstecgi.cgi setStaticRoute command injection

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed...

6.5 CVSS | 0.02483 EPSS
Exploits: 1 | References: 5

Vulnrichment
added 2026/03/30 2:0 a.m. | 1 view

CVE-2026-5104 Totolink A3300R cstecgi.cgi setStaticRoute command injection

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed...

6.5 CVSS | 6.3 AI score | 0.02483 EPSS
Exploits: 1 | References: 5

CVE
added 2026/03/30 1:0 a.m. | 13 views

CVE-2026-5103

Affects Totolink A3300R 17.0.0cu.557_b20221024. The issue resides in the setUPnPCfg function of /cgi-bin/cstecgi.cgi, where manipulating the enable argument leads to command injection. This can be exploited remotely and publicly available exploits exist. Remediation guidance in connected sources ...

8.8 CVSS | 6.4 AI score | 0.03638 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2026/03/30 12:16 a.m. | 2 views

CVE-2026-5102

A security flaw has been discovered in Totolink A3300R 17.0.0cu.557b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qosupbw results in command injection. The attack can be execut...

8.8 CVSS | 0.02164 EPSS
Exploits: 1 | References: 5

Vulnrichment
added 2026/03/30 12:0 a.m. | 1 view

CVE-2026-5102 Totolink A3300R Parameter cstecgi.cgi setSmartQosCfg command injection

A security flaw has been discovered in Totolink A3300R 17.0.0cu.557b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qosupbw results in command injection. The attack can be execut...

6.5 CVSS | 5.7 AI score | 0.02164 EPSS
Exploits: 1 | References: 5

Zero Day Initiative
added 2026/03/30 12:0 a.m. | 4 views

(Pwn2Own) QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the quroutertoken parameter provided to the...

5.6 CVSS | 5.5 AI score | 0.00197 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/30 12:0 a.m. | 2 views

CVE-2026-30560

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addsupplier.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HT...

6 AI score | 0.00252 EPSS
Exploits: 1 | References: 2

Positive Technologies
added 2026/03/30 12:0 a.m. | 5 views

PT-2026-29111

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

5.8 CVSS | 5.7 AI score | 0.00253 EPSS
Exploits: 0 | References: 7

Positive Technologies
added 2026/03/30 12:0 a.m. | 7 views

PT-2026-28760

A flaw has been found in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_fst.php. Executing a manipulation of the argument sname can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

4.8 CVSS | 4.2 AI score | 0.00191 EPSS
Exploits: 0 | References: 6

Positive Technologies
added 2026/03/30 12:0 a.m. | 3 views

PT-2026-29101

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released...

7.5 CVSS | 6.8 AI score | 0.00326 EPSS
Exploits: 0 | References: 8

Positive Technologies
added 2026/03/30 12:0 a.m. | 5 views

PT-2026-29113

Name of the Vulnerable Software and Affected Versions: Tenda CH22 version 1.0.0.1. Description: A buffer overflow exists in the formCreateFileName function located in the file /goform/createFileName. Manipulation of the fileNameMit argument can trigger a stack-based buffer overflow, potentially...

9 CVSS | 7.6 AI score | 0.0073 EPSS
Exploits: 1 | References: 9

Positive Technologies
added 2026/03/30 12:0 a.m. | 3 views

PT-2026-29144

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument cust id leads to cross site scripting. The attack may be performed from remote. The exploit...

5.3 CVSS | 4.3 AI score | 0.00337 EPSS
Exploits: 0 | References: 6

Positive Technologies
added 2026/03/30 12:0 a.m. | 5 views

PT-2026-29143

Name of the Vulnerable Software and Affected Versions: Tenda CH22 version 1.0.0.1. Description: A flaw exists in Tenda CH22 version 1.0.0.1 within the Parameter Handler component. Specifically, the fromAdvSetWan function in the /goform/AdvSetWan file is susceptible to a stack-based buffer overflow...

9 CVSS | 7.7 AI score | 0.00773 EPSS
Exploits: 1 | References: 8

NVD
added 2026/03/29 11:16 p.m. | 4 views

CVE-2026-5101

A vulnerability was identified in Totolink A3300R 17.0.0cu.557b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The...

8.8 CVSS | 0.02179 EPSS
Exploits: 1 | References: 5

RedhatCVE
added 2026/03/29 11:3 p.m. | 3 views

CVE-2026-5013

A vulnerability has been found in elecV2 elecV2P up to 3.8.3. Impacted is the function path.join of the file /store/:key. The manipulation of the argument URL leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used...

6.9 CVSS | 5.5 AI score | 0.00591 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/29 11:3 p.m. | 4 views

CVE-2026-5015

A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted element is an unknown function of the file /logs of the component Endpoint. This manipulation of the argument filename causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

5.3 CVSS | 4.3 AI score | 0.00263 EPSS
Exploits: 0 | References: 1