CVE-2026-10189

A vulnerability has been found in Tenda W12 3.0.0.74763. This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to t...

CVE-2025-66313

ChurchCRM versions 6.2.0 and earlier are vulnerable to a time-based blind SQL injection in the 1FieldSec parameter. Injecting SLEEP() triggers deterministic server-side delays, showing the value is embedded in a SQL query without proper parameterization. In the affected versions, this can enable ...

PT-2022-5711 · NetGear · Netgear R7000P

Name of the Vulnerable Software and Affected Versions: Netgear R7000P version 1.3.0.8 Description: The issue is related to a buffer overflow error in the httpd daemon of the NETGEAR R7000P router's firmware. This can be exploited by a remote attacker to execute arbitrary code through the wan dns1...

CVE-2017-9313

Multiple Cross-site scripting XSS vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to viewman.cgi, the referers parameter to changereferers.cgi, or the name parameter to saveuser.cgi. NOTE: these issues were not fixed in...

Sql injection

SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the newsid parameter when the sec parameter is 26. NOTE: the provenance of this information is unknown; the details are...

CVE-2010-0710

SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the newsid parameter when the sec parameter is 26. NOTE: the provenance of this information is unknown; the details are...