
121151 matches found

Positive Technologies
added 2026/05/24 12:0 a.m. | 10 views

PT-2026-42918

Name of the Vulnerable Software and Affected Versions: Edimax EW-7438RPn version 1.28a. Description: A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists in the formwlencrypt24g function within the '/goform/formwlencrypt24g' endpoint when manipulating...

9 CVSS | 7.5 AI score | 0.00589 EPSS
Exploits 0 | References 5

CNNVD
added 2026/05/24 12:0 a.m. | 8 views

Edimax EW-7438RPn Command Injection Vulnerability

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Version 1.12 of the Edimax EW-7438RPn contains a command injection vulnerability. This vulnerability stems from improper handling of the parameter submit-url in the formAccept function of the component POST...

6.5 CVSS | 6.6 AI score | 0.01364 EPSS
Exploits 0 | References 4

CNNVD
added 2026/05/24 12:0 a.m. | 7 views

Edimax EW-7438RPn Command Injection Vulnerability

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. The Edimax EW-7438RPn version 1.28a has a command injection vulnerability. This vulnerability stems from improper handling of parameters such as...

6.5 CVSS | 6.7 AI score | 0.01364 EPSS
Exploits 0 | References 5

NVD
added 2026/05/23 7:16 p.m. | 9 views

CVE-2018-25354

Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pages. Attackers can craft HTML forms targeting the account/index endpoint with hidden fields to chan...

5.3 CVSS | 0.00163 EPSS
Exploits 0 | References 4

CVE
added 2026/05/23 6:30 p.m. | 29 views

CVE-2018-25358

The CVE-2018-25358 entry concerns the D-Link DIR-601 (firmware 2.02NA) where an unauthenticated attacker can disclose credentials via /my_cgi.cgi by manipulating the table_name parameter in POST requests. Affected data includes administrative credentials and wireless keys, exposed in cleartext. T...

8.7 CVSS | 5.8 AI score | 0.00697 EPSS
Exploits 0 | References 5

Cvelist
added 2026/05/23 6:30 p.m. | 13 views

CVE-2018-25358 D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like adminuser,...

8.7 CVSS | 0.00697 EPSS
Exploits 0 | References 5

Vulnrichment
added 2026/05/23 6:30 p.m. | 5 views

CVE-2018-25358 D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like adminuser,...

8.7 CVSS | 5.8 AI score | 0.00697 EPSS
Exploits 0 | References 5

ATTACKERKB
added 2026/05/23 6:30 p.m. | 12 views

CVE-2018-25358

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like adminuser,...

8.7 CVSS | 5.8 AI score | 0.00697 EPSS
Exploits 0 | References 5

Vulnrichment
added 2026/05/23 6:30 p.m. | 6 views

CVE-2018-25354 Joomla Component jomres 9.11.2 Cross-Site Request Forgery

Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pages. Attackers can craft HTML forms targeting the account/index endpoint with hidden fields to chan...

5.3 CVSS | 5.7 AI score | 0.00163 EPSS
Exploits 0 | References 4

EUVD
added 2026/05/23 6:30 p.m. | 8 views

EUVD-2018-21874

userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing...

9.8 CVSS | 5.8 AI score | 0.00539 EPSS
Exploits 0 | References 2

Snyk
added 2026/05/23 1:44 p.m. | 9 views

Buffer Overflow

Overview: Affected versions of this package are vulnerable to Buffer Overflow in the PathSwitchRequest process. An attacker can cause memory corruption by sending specially crafted requests remotely to the affected component. Remediation: Upgrade github.com/omec-project/amf/util to version 2.2.0 or...

6.5 CVSS | 6.6 AI score | 0.00296 EPSS
Exploits 0 | References 2

Snyk
added 2026/05/23 1:44 p.m. | 9 views

Buffer Overflow

Overview: Affected versions of this package are vulnerable to Buffer Overflow in the PathSwitchRequest process. An attacker can cause memory corruption by sending specially crafted requests remotely to the affected component. Remediation: Upgrade github.com/omec-project/amf/gmm to version 2.2.0 or...

6.5 CVSS | 6.6 AI score | 0.00296 EPSS
Exploits 0 | References 2

Snyk
added 2026/05/23 1:44 p.m. | 9 views

Buffer Overflow

Overview: Affected versions of this package are vulnerable to Buffer Overflow in the PathSwitchRequest process. An attacker can cause memory corruption by sending specially crafted requests remotely to the affected component. Remediation: Upgrade github.com/omec-project/amf/ngap to version 2.2.0 or...

6.5 CVSS | 6.6 AI score | 0.00296 EPSS
Exploits 0 | References 2

Snyk
added 2026/05/23 1:42 p.m. | 9 views

Buffer Overflow

Overview: Affected versions of this package are vulnerable to Buffer Overflow in the NGSetupRequest process. An attacker can cause memory corruption and potentially compromise confidentiality, integrity, and availability by sending specially crafted requests remotely. Remediation: Upgrade...

6.5 CVSS | 6.6 AI score | 0.00296 EPSS
Exploits 0 | References 2

Hacker One
added 2026/05/23 12:20 p.m. | 20 views

curl: lib/ldap.c follows attacker-controlled LDAP referrals and binds to a second server; WinLDAP builds leak current logon credentials (confirmed on Window

Summary: curl's generic LDAP backend lib/ldap.c does not disable automatic LDAP referral chasing, unlike lib/openldap.c, which explicitly sets LDAP_OPT_REFERRALS to LDAP_OPT_OFF. As a result, a malicious first-hop LDAP server can return a referral to an attacker-controlled second LDAP server and caus...

5.7 AI score
Exploits 0

ATTACKERKB
added 2026/05/23 11:45 a.m. | 6 views

CVE-2026-9300

A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. It is best practic...

6.5 CVSS | 6 AI score | 0.00296 EPSS
Exploits 0 | References 6 | Affected Software 1

EUVD
added 2026/05/23 11:45 a.m. | 6 views

EUVD-2026-31534

A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. It is best practic...

6.5 CVSS | 6 AI score | 0.00296 EPSS
Exploits 0 | References 6

Cvelist
added 2026/05/23 10:30 a.m. | 13 views

CVE-2026-9298 omec-project amf PathSwitchRequest memory corruption

A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory corruption. The attack may be launched remotely. The exploit is now public and may be used. It is...

6.5 CVSS | 0.00296 EPSS
Exploits 0 | References 6

NVD
added 2026/05/23 10:16 a.m. | 12 views

CVE-2026-9296

A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument...

6.5 CVSS | 0.01495 EPSS
Exploits 0 | References 4

Vulnrichment
added 2026/05/23 10:15 a.m. | 5 views

CVE-2026-9297 Edimax BR-6428NS POST Request formWlbasic command injection

A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. The manipulation of the argument repeaterSSID leads to command injection. The attack may be initiated remotely. The...

6.5 CVSS | 6.4 AI score | 0.01525 EPSS
Exploits 0 | References 4