Lucene search

106792 matches found

NVD
added 2026/03/16 2:19 p.m., 4 views

CVE-2026-4163

A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit...

CVSS: 10 | EPSS: 0.00231
Exploits: 0 | References: 7

NVD
added 2026/03/16 2:18 p.m., 1 view

CVE-2025-69245

Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in 1.4.6...

CVSS: 6.1 | EPSS: 0.00049
Exploits: 0 | References: 2

NVD
added 2026/03/16 2:17 p.m., 17 views

CVE-2016-20032

ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holidayname' and 'memo' POST parameters. Attackers can submit crafted requests with script code i...

CVSS: 7.2 | EPSS: 0.00016
Exploits: 1 | References: 6

NVD
added 2026/03/16 2:17 p.m., 2 views

CVE-2015-20113

Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and persistent cross-site scripting vulnerabilities that allow attackers to perform administrative actions and inject malicious scripts. Attackers can craft malicious web pages that execute unauthorized actions when...

CVSS: 6.9 | EPSS: 0.00039
Exploits: 2 | References: 3

NVD
added 2026/03/16 2:17 p.m., 3 views

CVE-2015-20114

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads...

CVSS: 6.1 | EPSS: 0.00055
Exploits: 1 | References: 3

ATTACKERKB
added 2026/03/16 11:54 a.m., 6 views

CVE-2025-69242

Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in version 1.4.6...

CVSS: 5.1 | AI score: 6 | EPSS: 0.00049
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/16 11:53 a.m., 4 views

CVE-2025-69241

Raytha CMS is vulnerable to Stored XSS via FirstName and LastName parameters in profile editing functionality. Authenticated attacker can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version 1.4.6...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00039
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/16 11:53 a.m., 1 view

CVE-2025-69237 Stored XSS in Raytha CMS

Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...

CVSS: 5.1 | AI score: 5.8 | EPSS: 0.00032
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/16 11:2 a.m., 2 views

CVE-2026-4235

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument useremail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00045
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/03/16 10:4 a.m., 0 views

MAL-2026-1486 Malicious code in trello-enterprises (npm)

The package is malicious due to a postinstall script executing a file that exfiltrates sensitive information to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a327d3918cfde33c4405296d7b5e2644bf1435d6532be30af21d41135d529ef The package...

AI score: 5.8
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/03/16 10:4 a.m., 4 views

Malicious code in trello-enterprises (npm)

The package is malicious due to a postinstall script executing a file that exfiltrates sensitive information to a remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a327d3918cfde33c4405296d7b5e2644bf1435d6532be30af21d41135d529ef The package...

AI score: 5.8
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/03/16 10:1 a.m., 3 views

Malicious code in internal-lib-vulnerable (npm)

Malicious package due to data exfiltration, arbitrary code execution during installation via preinstall script, and suspicious hostname. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b46f6c2b8b094dc4a9864676457c3ea2af565204d854ab4cf1eb27be87aaa878 The package...

AI score: 6.4
Exploits: 0 | References: 1

OSV
added 2026/03/16 10:1 a.m., 3 views

MAL-2026-1484 Malicious code in internal-lib-vulnerable (npm)

Malicious package due to data exfiltration, arbitrary code execution during installation via preinstall script, and suspicious hostname. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b46f6c2b8b094dc4a9864676457c3ea2af565204d854ab4cf1eb27be87aaa878 The package...

AI score: 6.4
Exploits: 0 | References: 1

OSV
added 2026/03/16 9:58 a.m., 1 view

MAL-2026-1487 Malicious code in vitest-config (npm)

Malicious package due to preinstall script execution, system info gathering, Discord webhook usage for data exfiltration, and error suppression. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d6cfc9315582e56556f40906f86a19927ad32b3826548896d1eaf23e0705243 The...

AI score: 5.8
Exploits: 0 | References: 2

The Hacker News
added 2026/03/16 9:7 a.m., 4 views

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo's LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted b...

AI score: 6.1
Exploits: 0

ATTACKERKB
added 2026/03/16 3:32 a.m., 3 views

CVE-2026-4212

A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function...

CVSS: 9 | AI score: 7.8 | EPSS: 0.00069
Exploits: 1 | References: 5 | Affected Software: 20

CVE
added 2026/03/16 3:2 a.m., 8 views

CVE-2026-4210

CVE-2026-4210 affects D-Link DNS-120, DNR-202L, DNS-315L, DNS-320/320L/320LW/321, DNR-322L, DNS-323/325/326/327L, DNR-326, DNS-340L/343/345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04. The vulnerability targets the function cgi_tm_set_share in /cgi-bin/time_machine.cgi, where manipulating...

CVSS: 9.8 | AI score: 6.3 | EPSS: 0.00109
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/03/16 2:32 a.m., 0 views

CVE-2026-4209 D-Link DNS-1550-04 account_mgr.cgi cgi_chg_admin_pw command injection

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function...

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.00128
Exploits: 1 | References: 15

CVE
added 2026/03/16 2:2 a.m., 13 views

CVE-2026-4206

CVE-2026-4206 describes a remote command-injection flaw in multiple D-Link NAS/DVR devices (DNS-120 series, DNS-320/321/325/326/327L, DNS-340L, DNS-343/345, DNS-1100-4, DNS-1200-05, DNS-1550-04, DNR/DNS variants) affecting the disk-management CGI endpoint /cgi-bin/dsk_mgr.cgi. The vulnerability t...

CVSS: 9.8 | AI score: 6.3 | EPSS: 0.00187
Exploits: 1 | References: 8 | Affected Software: 1

ATTACKERKB
added 2026/03/16 1:2 a.m., 4 views

CVE-2026-4204

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function...

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.00109
Exploits: 1 | References: 5 | Affected Software: 20