17 matches found
CVE-2026-7137 Totolink A8000RU CGI cstecgi.cgi setStorageCfg os command injection
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument sambaEnabled leads to os command injection. Remote exploitation of the attack ...
TOTOLINK A8000RU Command Injection Vulnerability
TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the function setStorageCfg in the CGI Handler component’s file /cgi-bin/cstecgi.cgi, which...
EUVD-2026-21076
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sambaEnabled results in os command injection. It is possible to initiate th...
Use of Hard-coded Cryptographic Key
Overview: Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key for encrypting sensitive configurations when NeuVector stores data. The static key can be used to retrieve configuration data. Remediation: Upgrade github.com/neuvector/neuvector/share to version 5.4.7...
EUVD-2017-6599
Malware in sbrugna...
EUVD-2021-10012
Malware in sbrugna...
[SECURITY] Fedora 42 Update: libblockdev-3.3.1-1.fc42
The libblockdev is a C library with GObject introspection support that can be used for doing low-level operations with block devices like setting up LVM, BTRFS, LUKS or MD RAID. The library uses plugins LVM, BTRFS,... and serves as a thin wrapper around its plugins' functionality. All the plugins...
CVE-2024-45733
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration...
CVE-2024-45733 Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration...
CVE-2024-45733
CVE-2024-45733 concerns Splunk Enterprise on Windows, affecting versions below 9.2.3 and 9.1.6 where a low-privileged user (not admin/power roles) can achieve remote code execution due to insecure session storage configuration. The vulnerability’s impact is described as RCE with high severity (CV...
CVE-2023-3699
An Improper Privilege Management vulnerability in ASUSTOR Data Master (ADM) allows unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...
Code injection
A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users' external storage configuration when it is not already configured...
CVE-2021-22877
A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users' external storage configuration when it is not already configured...
targetcli: world writable /var/run/targetclid.sock allows unprivileged user to execute commands
A flaw was found in Linux, where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root...
CVE-2019-5408
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version...
[SECURITY] Fedora 19 Update: python-blivet-0.13-1.fc19
The python-blivet package is a python module for examining and modifying storage configuration...
Lenovo Hui shields 5.x password leak - vulnerability warning - the black bar safety net
Lenovo Hui shields (Lenovo's hard drive protection system) 5.x is a product launched in cooperation with the company Beijing Sea of light and can often be seen in school rooms. Due to product design flaws, any user can, while the hard disk protection system is enabled, read administrator...