377 matches found
CVE-2026-40828
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to validate the rec-used field during the ntfs3 log replay file checking process. Thi...
CVE-2026-5176
A security flaw has been discovered in Totolink A3300R 17.0.0cu.557b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provided results in command injection. The attack may be initiated remotely. The exploit has been release...
CVE-2026-24987
Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through = 1.2.7...
CVE-2026-26795
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.getsystemlog function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
EUVD-2026-15606
Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through = 1.2.7...
CVE-2026-24987
Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through = 1.2.7...
CVE-2026-24987 WordPress WP System Log plugin <= 1.2.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through = 1.2.7...
CVE-2026-24987 WordPress WP System Log plugin <= 1.2.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through = 1.2.7...
CVE-2026-24987
CVE-2026-24987 is a Missing Authorization vulnerability in the WordPress Activity Log plugin (winterlock) family, affecting WP System Log versions up to 1.2.7, enabling unauthorized access to logs. CVSS 3.1 base 6.5 (I: High, A: None); exploitation status not detailed in provided documents; monit...
WordPress plugin WP System Log 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-27876
Name of the Vulnerable Software and Affected Versions WP System Log versions through 1.2.7 Description An authorization issue exists in activity-log.com WP System Log winterlock. This allows exploitation of incorrectly configured access control security levels. Recommendations Update WP System Lo...
WordPress WP System Log plugin <= 1.2.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by NumeX in WordPress Plugin WP System Log versions = 1.2.7...
EUVD-2026-11627
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.getsystemlog function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
CVE-2026-26795
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.getsystemlog function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
CVE-2026-26795
Affected product : GL-iNet GL-AR300M16 (v4.3.11). Vulnerability : Command injection via the module parameter in the M.get_system_log function, allowing an attacker to execute arbitrary commands with crafted input. Impact : Arbitrary command execution on affected device. No remediation details pro...
CVE-2026-26795
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.getsystemlog function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
CVE-2026-26795
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.getsystemlog function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
CVE-2026-26795
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.getsystemlog function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
PT-2026-25027
🔴 CVE-2026-26795 - Critical GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get system log function. This vulnerability allows attackers to e... https://t.co/NCxeIgOxEq https://t.co/P5rgFdajLA...