106793 matches found

Vulnrichment
added 2026/03/15 5:32 a.m. | 1 view

CVE-2026-4166 Wavlink WL-NU516U1 login.cgi sub_404F68 cross site scripting

A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cross site scripting. The attack can be launched remotely. The exploit has been made public and coul...

CVSS 5.1 | AI score 4.1 | EPSS 0.00047
Exploits: 0 | References: 6
Cvelist
added 2026/03/15 5:32 a.m. | 31 views

CVE-2026-4166 Wavlink WL-NU516U1 login.cgi sub_404F68 cross site scripting

A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cross site scripting. The attack can be launched remotely. The exploit has been made public and coul...

CVSS 5.1 | EPSS 0.00047
Exploits: 0 | References: 6
CVE
added 2026/03/15 5:32 a.m. | 6 views

CVE-2026-4166

CVE-2026-4166 affects Wavlink WL-NU516U1 (firmware 240425). The vulnerable component is the function sub_404F68 in /cgi-bin/login.cgi, where manipulation of the homepage/hostname argument triggers a cross-site scripting (XSS) vulnerability. The attack can be launched remotely and the exploit has ...

CVSS 5.1 | AI score 4.1 | EPSS 0.00047
Exploits: 0 | References: 6
Positive Technologies
added 2026/03/15 12:0 a.m. | 3 views

PT-2026-25716

Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and persistent cross-site scripting vulnerabilities that allow attackers to perform administrative actions and inject malicious scripts. Attackers can craft malicious web pages that execute unauthorized actions when...

CVSS 6.9 | AI score 5.7 | EPSS 0.00039
Exploits: 2 | References: 5
Positive Technologies
added 2026/03/15 12:0 a.m. | 4 views

PT-2026-25570

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects an unknown function of the file...

CVSS 6.5 | AI score 5.5 | EPSS 0.00109
Exploits: 1 | References: 5
Positive Technologies
added 2026/03/15 12:0 a.m. | 2 views

PT-2026-25717

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads...

CVSS 6.1 | AI score 6 | EPSS 0.00055
Exploits: 1 | References: 5
Positive Technologies
added 2026/03/15 12:0 a.m. | 6 views

PT-2026-25569

Name of the Vulnerable Software and Affected Versions D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link...

CVSS 9.8 | AI score 7.1 | EPSS 0.00115
Exploits: 1 | References: 8
Vulnrichment
added 2026/03/14 9:44 p.m. | 2 views

CVE-2026-32774 Vulnogram - Stored Cross-Site Scripting via Comment Hypertext

Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers...

CVSS 6.4 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 3
GithubExploit
added 2026/03/14 1:36 p.m. | 112 views

Exploit for Use of Hard-coded Credentials in Rustfs

CVE-2025-689...

CVSS 9.8 | AI score 5.8 | EPSS 0.0771
Exploits: 3
GithubExploit
added 2026/03/14 12:53 p.m. | 119 views

Exploit for OS Command Injection in Webmin

Webmin 1.910 — Remote Code Execution...

CVSS 10 | AI score 6.2 | EPSS 0.94459
Exploits: 36
EUVD
added 2026/03/13 9:31 p.m. | 3 views

EUVD-2026-11999

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce (profit-products-tables-for-woocommerce) allows DOM-Based XSS. This issue affects Active Products Tables for WooCommerce: from n/a through = 1.0.7...

CVSS 6.5 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 2
CVE
added 2026/03/13 8:58 p.m. | 44 views

CVE-2026-32635

Angular has an XSS vulnerability in the i18n attribute bindings within the Angular runtime and compiler. Before versions 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, enabling internationalization for a security-sensitive attribute (e.g., href) with a data binding to untrusted user data can bypass...

CVSS 9 | AI score 5.7 | EPSS 0.00054
Exploits: 0 | References: 3 | Affected Software: 1
Github Security Blog
added 2026/03/13 8:57 p.m. | 7 views

@google/clasp vulnerable to unsafe path traversal cloning or pulling a malicious script

Impact: Allows an attacker to perform a "Path Traversal" attack to modify files outside the projects directory, potentially allowing for running attacker code on the developer's machine. Patches: Fixed in version 3.2.0. Workarounds: Only clone or pull scripts from trusted sources. Review the output of...

CVSS 8.8 | AI score 5.9 | EPSS 0.00265
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2026/03/13 8:57 p.m. | 3 views

GHSA-HQJG-PWW4-PCGQ @google/clasp vulnerable to unsafe path traversal cloning or pulling a malicious script

Impact: Allows an attacker to perform a "Path Traversal" attack to modify files outside the projects directory, potentially allowing for running attacker code on the developer's machine. Patches: Fixed in version 3.2.0. Workarounds: Only clone or pull scripts from trusted sources. Review the output of...

CVSS 8.7 | AI score 5.9 | EPSS 0.00265
Exploits: 1 | References: 6
EUVD
added 2026/03/13 8:57 p.m. | 2 views

EUVD-2026-12047

@google/clasp vulnerable to unsafe path traversal cloning or pulling a malicious script...

CVSS 8.7 | AI score 5.8 | EPSS 0.00265
Exploits: 1 | References: 5
EUVD
added 2026/03/13 8:50 p.m. | 5 views

EUVD-2026-11732

Statamic vulnerable to privilege escalation via stored cross-site scripting...

CVSS 5.4 | AI score 5.6 | EPSS 0.00016
Exploits: 2 | References: 2
NVD
added 2026/03/13 7:55 p.m. | 4 views

CVE-2026-4092

Path Traversal in Clasp impacting versions 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences...

CVSS 8.8 | EPSS 0.00265
Exploits: 1 | References: 1
OSV
added 2026/03/13 7:55 p.m. | 3 views

CVE-2026-4092

Path Traversal in Clasp impacting versions 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences...

CVSS 8.7 | AI score 6.4
Exploits: 0 | References: 1
NVD
added 2026/03/13 7:54 p.m. | 2 views

CVE-2026-22209

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like alert1 in the custom CSS setting to execute arbitrary JavaScript i...

CVSS 5.5 | EPSS 0.00012
Exploits: 0 | References: 3
NVD
added 2026/03/13 7:54 p.m. | 2 views

CVE-2026-22192

Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access...

CVSS 9.9 | EPSS 0.00059
Exploits: 0 | References: 4