CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/04/12 12:28 p.m.•2 views

CVE-2019-25709

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via t...

CVE•added 2026/04/12 12:28 p.m.•6 views

CVE-2019-25709

CF Image Hosting Script 1.6.5 is vulnerable to unauthenticated access that lets an attacker download and decode the application database (imgdb.db in upload/data). The deserialized database stores delete IDs in plaintext, enabling an attacker to delete all pictures by manipulating the d parameter...

Cvelist•added 2026/04/12 12:28 p.m.•18 views

CVE-2019-25709 CF Image Hosting Script 1.6.5 Unauthorized Database Access

9.8CVSS0.00564EPSS

Cvelist•added 2026/04/12 12:28 p.m.•32 views

CVE-2019-25699 Newsbull Haber Script 1.0.0 Authenticated SQL Injection via search parameter

7.1CVSS0.00012EPSS

CVE•added 2026/04/12 12:28 p.m.•5 views

CVE-2019-25699

Newsbull Haber Script 1.0.0 is affected by multiple SQL injection vulnerabilities in the search parameter, enabling authenticated attackers to extract database information via time-based, blind, and boolean-based techniques. The issues can be triggered through the search parameter in endpoints su...

7.1CVSS5.9AI score0.00012EPSS

ATTACKERKB•added 2026/04/12 12:28 p.m.•4 views

CVE-2019-25699

7.1CVSS5.9AI score0.00012EPSS

EUVD•added 2026/04/12 6:30 a.m.•1 views

EUVD-2026-21705

A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in os command injection. The attack may be initiated...

10CVSS5.6AI score0.01221EPSS

Exploits0References6

CVE•added 2026/04/12 4:0 a.m.•5 views

CVE-2026-6115

Totolink A7100RU is affected by CVE-2026-6115. The flaw resides in CGI Handler’s /cgi-bin/cstecgi.cgi setAppCfg function, where manipulating the enable argument enables remote os command injection. Affected firmware: 7.4cu.2313_b20191024. The vulnerability can be exploited over the network with n...

10CVSS7AI score0.01221EPSS

Exploits0References5

Vulnrichment•added 2026/04/12 3:30 a.m.•1 views

CVE-2026-6114 Totolink A7100RU CGI cstecgi.cgi setNetworkCfg os command injection

10CVSS7.1AI score0.01221EPSS

Exploits0References5

Positive Technologies•added 2026/04/12 12:0 a.m.•3 views

PT-2026-32142

A Cross-site Scripting XSS vulnerability was identified in the from dict method of the AppLollmsMessage class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the content field when deserializing user-provided data. This allows ...

8.2CVSS5.8AI score0.00015EPSS

Exploits1References3

Positive Technologies•added 2026/04/12 12:0 a.m.•3 views

PT-2026-32171

Positive Technologies•added 2026/04/12 12:0 a.m.•1 views

Exploits1References6

PT-2026-32145

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A weakness exists in the Totolink A7100RU version 7.4cu.2313 b20191024. The issue is due to a flaw in the setRadvdCfg function within the CGI Handler component, specifically in the file...

10CVSS7.1AI score0.01221EPSS

Exploits0References12

CNNVD•added 2026/04/12 12:0 a.m.•1 views

CF Image Hosting Script 安全漏洞

CF Image Hosting Script is a lightweight image hosting script developed by David Tavarez. Version 1.6.5 of the CF Image Hosting Script contains a security vulnerability. This vulnerability stems from improper access control, which may lead to unauthorized database leaks and file deletion...