CVE-2026-4172

A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /pingresponse.cgi of the component HTTP POST Request Handler. The manipulation of the argument pingipaddr results in stack-based buffer overflow. The attack may be performed from remote. The...

CVE-2026-4170 Topsec TopACM HTTP Request nmc_sync.php os command injection

A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmcsync.php of the component HTTP Request Handler. Executing a manipulation of the argument templatepath can lead to os command injection. The...

CVE-2026-4170

CVE-2026-4170 affects Topsec TopACM 3.0. The vulnerability resides in the HTTP Request Handler’s /view/systemConfig/management/nmc_sync.php function, where manipulating the argument template_path enables an unauthenticated remote OS command injection. The issue is remotely exploitable and publicl...

CVE-2026-4164

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function DeleteMaclist/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack remotely. The exploit h...

PT-2026-25511

A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit...

CVE-2026-2952

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

CVE-2026-2952 Vaelsys HTTP POST Request tree_server.php os command injection

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

CVE-2026-2952

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

CVE-2026-2865

A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1.0. This impacts an unknown function of the file admin/productcontroller.php of the component HTTP POST Request Handler. Performing a manipulation of the argument Product results in sql injection. The attack may be...

O2OA 代码问题漏洞

O2OA is an open-source enterprise application development platform developed by O2OA. Versions of O2OA 9.0.0 and earlier contained code vulnerabilities due to XML external entity references in the HTTP POST request handler...

CVE-2026-2017 IP-COM W30AP POST Request wx3auth R7WebsSecurityHandler stack-based overflow

A vulnerability was detected in IP-COM W30AP up to 1.0.0.111340. Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performe...

CVE-2026-2017 IP-COM W30AP POST Request wx3auth R7WebsSecurityHandler stack-based overflow

A vulnerability was detected in IP-COM W30AP up to 1.0.0.111340. Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performe...

CVE-2026-2017

A vulnerability was detected in IP-COM W30AP up to 1.0.0.111340. Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performe...

CVE-2026-25149

Qwik is a performance focused javascript framework. Prior to version 1.19.0, an Open Redirect vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation permits attackers to craft convinci...

CVE-2026-25151

Qwik is a performance focused javascript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote attacker to circumvent form submission CSRF protections using specially crafted or multi-valued...

CVE-2026-25151

Qwik is a performance focused javascript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote attacker to circumvent form submission CSRF protections using specially crafted or multi-valued...

CVE-2026-25151

CVE-2026-25151 affects Qwik City (server-side) prior to version 1.19.0, where the server-side request handler inconsistently interprets HTTP headers, enabling a CSRF protection bypass via specially crafted or multi-valued Content-Type headers. The vulnerability can let remote attackers bypass ori...

Qwik City Open Redirect via fixTrailingSlash

Summary Description An Open Redirect CWE-601 vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation permits attackers to craft convincing phishing links that appear to originate from t...

CVE-2026-1737

A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function sgwcs5chandlecreatebearerrequest of the file /src/sgwc/s5c-handler.c of the component CreateBearerRequest Handler. Performing a manipulation results in reachable assertion. Remote exploitation of the attack ...

PT-2026-6274

Name of the Vulnerable Software and Affected Versions Qwik versions prior to 1.19.0 Description An Open Redirect issue exists in Qwik City’s default request handler middleware. This allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation could allow...