CVE-2026-9442 Edimax BR-6478AC POST Request formiNICSiteSurvey buffer overflow

A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. Executing a manipulation of the argument selSSID can lead to buffer overflow. The attack can be launched remotely. Th...

CVE-2026-9440

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack...

CVE-2026-9441

A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. Performing a manipulation of the argument rootAPmac results in command injection. The attack can be initiated...

CVE-2026-9441 Edimax BR-6478AC POST Request formiNICbasic command injection

A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. Performing a manipulation of the argument rootAPmac results in command injection. The attack can be initiated...

CVE-2026-9441

CVE-2026-9441 affects Edimax BR-6478AC running firmware 1.23. The vulnerability is in the POST Request Handler’s formiNICbasic function located in /goform/formiNICbasic. Manipulating the rootAPmac argument results in a command injection, enabling remote code execution. The exploit has been releas...

CVE-2026-9441 Edimax BR-6478AC POST Request formiNICbasic command injection

A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. Performing a manipulation of the argument rootAPmac results in command injection. The attack can be initiated...

CVE-2026-9440 Edimax BR-6478AC POST Request formAccept command injection

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack...

CVE-2026-9440

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack...

CVE-2026-9440

CVE-2026-9440 affects Edimax BR-6478AC firmware 1.23. The vulnerability lies in the POST Request Handler’s /goform/formAccept function; manipulating the submit-url argument enables command injection. The attack can be launched remotely, and a publicly available exploit is cited. No remediation de...

EUVD-2026-31651

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack...

CVE-2026-9423

A security flaw has been discovered in Edimax BR-6675nD 1.12. Impacted is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. The exploit has been releas...

CVE-2026-9422

A vulnerability was identified in KLiK SocialMediaWebsite 1.0. This issue affects some unknown processing of the component HTTP POST Request Parameter Handler. Such manipulation leads to injection. The attack can be launched remotely. The exploit is publicly available and might be used...

CVE-2026-9423 Edimax BR-6675nD POST Request mp command injection

A security flaw has been discovered in Edimax BR-6675nD 1.12. Impacted is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. The exploit has been releas...

CVE-2026-9423

CVE-2026-9423 affects Edimax BR-6675nD firmware 1.12. The vulnerability is in the POST Request Handler’s function mp at /goform/mp, where manipulating the argument command leads to a command injection. The attack can be initiated remotely, and public exploit code has been released. The vendor was...

CVE-2026-9420

A vulnerability was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used...

CVE-2026-9420

CVE-2026-9420 affects KLiK SocialMediaWebsite 1.0 and is associated with the component handling HTTP GET Request Parameters . The issue is a parameter injection vulnerability in that handler, allowing a remote attacker to exploit it. The threat is supported by public exploitation activity. The CV...

PT-2026-43019

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack...

PT-2026-43028

A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. Executing a manipulation of the argument selSSID can lead to buffer overflow. The attack can be launched remotely. Th...

PT-2026-43069

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackney ws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the intern...

PT-2026-43120

Name of the Vulnerable Software and Affected Versions Apache Shiro versions 2.0-alpha through 2.1.0 Apache Shiro version 3.0.0-alpha-1 Description An issue exists in the shiro-jakarta-ee integration module where the shiroSavedRequest cookie is not validated after a successful login. This allows a...