Lucene search

231 matches found

Vulnrichment
added 2026/05/01 11:30 a.m. | 0 views

CVE-2026-7579 AstrBotDevs AstrBot Dashboard auth.py hard-coded credentials

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...

CVSS 7.5 | AI score 6.6 | EPSS 0.00065
Exploits: 0 | References: 6

RedhatCVE
added 2026/04/27 7:23 p.m. | 0 views

CVE-2026-6999

A flaw has been found in BIVOCOM TR321 21.1.1.50. Affected by this vulnerability is an unknown functionality of the component Wireless Setting. This manipulation of the argument Network Name SSID causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been...

CVSS 4.8 | AI score 4.2 | EPSS 0.0001
Exploits: 0 | References: 1

EUVD
added 2026/04/25 7:45 p.m. | 0 views

EUVD-2026-25672

A weakness has been identified in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This affects an unknown function of the component rmon event Tab. Executing a manipulation of the argument Description can lead to cross site scripting. The attack may be launched remotely. The exploit has been made availab...

CVSS 4.8 | AI score 3.2 | EPSS 0.0001
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/05 12:0 a.m. | 2 views

PT-2026-30511

A vulnerability was found in Acrel Electrical Prepaid Cloud Platform 1.0. This issue affects some unknown processing of the file /bin.rar of the component Backup File Handler. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been made public...

CVSS 6.9 | AI score 5.4 | EPSS 0.00042
Exploits: 0 | References: 5

Cvelist
added 2026/03/26 6:23 a.m. | 28 views

CVE-2026-4847 dameng100 muucmf list.html cross site scripting

A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and...

CVSS 5.3 | EPSS 0.00013
Exploits: 0 | References: 4

OSV
added 2026/02/16 4:15 a.m. | 2 views

CVE-2026-2530

A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to th...

CVSS 8.8 | AI score 5.5
Exploits: 0 | References: 4

RedhatCVE
added 2026/01/07 9:18 a.m. | 15 views

CVE-2025-1829

A vulnerability was found in TOTOLINK X18 9.1.0cu.2024B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can be initiated...

CVSS 8.8 | AI score 7.2 | EPSS 0.00824
Exploits: 1 | References: 1

OSV
added 2026/01/02 3:15 a.m. | 1 views

CVE-2025-15424

A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agentworksdel.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The...

CVSS 9.8 | AI score 5.6
Exploits: 0 | References: 6

OSV
added 2025/12/28 7:15 a.m. | 1 views

CVE-2025-15123

A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The attack requires a high level of complexity. The...

CVSS 3.1 | AI score 6.5
Exploits: 0 | References: 4

EUVD
added 2025/12/27 9:30 a.m. | 5 views

EUVD-2025-205469

A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument apikey results in use of hard-coded cryptographic key. Remote exploitation of the attack...

CVSS 6.3 | AI score 5.9 | EPSS 0.00035
Exploits: 1 | References: 5

Cvelist
added 2025/05/24 10:0 p.m. | 9 views

CVE-2025-5134 Tmall Demo Buy Item Page cross site scripting

A vulnerability classified as problematic was found in Tmall Demo up to 20250505. Affected by this vulnerability is an unknown functionality of the component Buy Item Page. The manipulation of the argument Detailed Address leads to cross site scripting. The attack can be launched remotely. The...

CVSS 5.1 | EPSS 0.00203
Exploits: 1 | References: 4

OSV
added 2025/05/24 4:15 p.m. | 0 views

CVE-2025-5128

A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Affected is an unknown function of the file /admin/ of the component Admin Login Panel. The manipulation of the argument Password leads to sql injection. It is possible to launch the...

CVSS 9.8 | AI score 5.6
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/23 8:18 a.m. | 1 views

CVE-2024-10379

A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFileId with the input...

CVSS 7.5 | AI score 6.2 | EPSS 0.00774
Exploits: 1 | References: 1

CVE
added 2024/11/28 3:0 p.m. | 49 views

CVE-2024-11961

CVE-2024-11961 affects Guangzhou Huayi Intelligent Technology Jeewms 3.7, specifically the preHandle function in src/main/java/com/zzjee/wm/controller/WmOmNoticeHController.java. The issue is argument manipulation leading to information disclosure, with remote exploit potential and public disclos...

CVSS 7.5 | AI score 5.1 | EPSS 0.00096
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2024/11/25 6:31 a.m. | 10 views

CVE-2024-11659 EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_iperf command injection

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/network/diagiperf. The manipulation of the argument iperf leads to command injection. The attack may be...

CVSS 5.8 | AI score 7.3 | EPSS 0.01318
Exploits: 1 | References: 4

CVE
added 2024/11/25 6:0 a.m. | 49 views

CVE-2024-11658

CVE-2024-11658 affects EnGenius ENH1350EXT, ENS500-AC, and ENS620EXT (up to 20241118). The vulnerability stems from an injection in the file /admin/network/ajax_getChannelList where manipulating the countryCode parameter leads to command injection, exploitable remotely. Public exploit appears to ...

CVSS 7.2 | AI score 5.3 | EPSS 0.00954
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2024/11/25 5:0 a.m. | 51 views

CVE-2024-11656

CVE-2024-11656 affects EnGenius ENH1350EXT, ENS500-AC and ENS620EXT (up to 20241118). The issue is a command-injection in the /admin/network/diag_ping6 handling, triggered by manipulation of the diag_ping6 argument, potentially exploitable remotely. Public exploit appears to have been disclosed. ...

CVSS 7.2 | AI score 5.3 | EPSS 0.00954
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2024/11/22 9:0 p.m. | 82 views

CVE-2024-11619

The CVE-2024-11619 issue affects macrozheng mall up to version 1.0.3, specifically the JWT Token Handler component. Root cause: use of a default cryptographic key, which can compromise confidentiality/integrity if exploited. Exploitation complexity is described as high and exploitation is difficu...

CVSS 8.1 | AI score 5 | EPSS 0.00229
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2024/11/20 4:31 p.m. | 44 views

CVE-2024-11488

CVE-2024-11488 affects 115cms up to version 20240807. The issue is a cross-site scripting vulnerability in the processing of /app/admin/view/web_user.html, triggered by manipulating the ks parameter. Exploitation may be remotely initiated and public disclosures exist. Multiple sources (NVD, Red H...

CVSS 6.1 | AI score 4 | EPSS 0.00128
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2024/11/20 4:15 p.m. | 9 views

CVE-2024-11487

A vulnerability has been found in Code4Berry Decoration Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /decoration/admin/btndatesreport.php of the component Between Dates Reports. The manipulation of the argument fromdate/todate leads to sql...

CVSS 8.8 | EPSS 0.00088
Exploits: 0 | References: 3