CVE-2026-5976
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Manipulating the argument sambaEnabled results in OS command injection. It is possible to initiate th...
CVE-2026-5977
Totolink A7100RU (firmware 7.4cu.2313_b20191024) has a vulnerability in CGI Handler: /cgi-bin/cstecgi.cgi, function setWiFiBasicCfg. Replacing/manipulating the wifiOff argument leads to OS command injection. Exploit is public, enabling remote, unauthenticated execution. CVSS metrics indicate CRIT...
CVE-2026-5975
A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Manipulation of the argument wanIdx leads to OS command injection. The attack may be performed remotely. Th...
CVE-2026-40089
Sonicverse is a self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF) vulnerability in its API client apps/dashboard/lib/api.ts. Installations created using the provided install.sh script includi...
CVE-2026-40089 Sonicverse has Server-Side Request Forgery via user-controlled URLs in dashboard API client
Sonicverse is a self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF) vulnerability in its API client apps/dashboard/lib/api.ts. Installations created using the provided install.sh script includi...
EUVD-2026-21065
Sonicverse is a self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF) vulnerability in its API client apps/dashboard/lib/api.ts. Installations created using the provided install.sh script includi...
Cross-site Scripting (XSS)
Overview: limesurvey/limesurvey is a FOSS online survey tool on the web. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the getInstance function when processing the gid parameter. An attacker can execute arbitrary JavaScript in the context of a logged-in user by...
UBUNTU-CVE-2026-39853
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, a stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS7 signature, the code copies the digest value from a parsed...
CVE-2026-39853
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, a stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS7 signature, the code copies the digest value from a parsed...
CVE-2026-39853
osslsigncode contains a stack buffer overflow in its signature verification paths (PE, MSI, CAB, script) when verifying PKCS#7 signatures. During digest copy from SpcIndirectDataContent into a fixed-size stack buffer (mdbuf[EVP_MAX_MD_SIZE], 64 bytes), the code does not validate the source length...
EUVD-2026-20892
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.94.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Cross-site Scripting (XSS)
Overview: org.webjars.npm:rrweb-snapshot is an rrweb component that takes a snapshot of the DOM (a DOM serializer). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the rrweb-snapshot process. An attacker can execute arbitrary web scripts or inject malicious HTML by...
CVE-2026-3005
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.94.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-34184
Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read all files in these directories and even execute some of them. Critically, the attacker could run PHP scripts directly on the connected database. This issue was fixed...
CVE-2026-34184 Missing Authorization in Hydrosystem Control System
Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read all files in these directories and even execute some of them. Critically, the attacker could run PHP scripts directly on the connected database. This issue was fixed...
Malicious code in just4testlm (PyPI)
Source: kam193 5aed012f2ecc4af261bb7f2fc294b9aee5c0733ccf207b9e9e9a381d51387811 The package likely tests different malicious techniques and delivering payload in setup.py. Different versions, like 0.1.0, 0.4.0 or 0.9.0 contain malicious...
MAL-2026-2519 Malicious code in just4testlm (PyPI)
Source: kam193 5aed012f2ecc4af261bb7f2fc294b9aee5c0733ccf207b9e9e9a381d51387811 The package likely tests different malicious techniques and delivering payload in setup.py. Different versions, like 0.1.0, 0.4.0 or 0.9.0 contain malicious...
CVE-2026-5854 Totolink A7100RU CGI cstecgi.cgi setWiFiEasyCfg os command injection
A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Manipulating the argument merge results in OS command injection. It is possible to initiate th...
CVE-2026-5851 Totolink A7100RU CGI cstecgi.cgi setUPnPCfg os command injection
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in OS command injection. The attack can be executed remotely. The exploi...