11 matches found
CVE-2026-9384
A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument ip results in os command injection. The attack can be executed...
CVE-2026-9456
A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enabled results in os command injection. The attack can be executed remotely. The...
CVE-2026-5834 code-projects Online Shoe Store admin_running.php cross site scripting
A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/adminrunning.php. Performing a manipulation of the argument productname results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now publi...
CVE-2025-14884
A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This...
CVE-2025-11582 code-projects Online Job Search Engine registration.php sql injection
A vulnerability was detected in code-projects Online Job Search Engine 1.0. This issue affects some unknown processing of the file /registration.php. Performing manipulation of the argument txtusername results in sql injection. The attack may be initiated remotely. The exploit is now public and m...
CVE-2025-9921
A weakness has been identified in code-projects POS Pharmacy System 1.0. Affected is an unknown function of the file /main/products.php. This manipulation of the argument productcode/genname/productname/supplier causes cross site scripting. The attack can be initiated remotely. The exploit has be...
CVE-2025-8369 Portabilis i-Educar educar_avaliacao_desempenho_lst.php cross site scripting
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9. This issue affects some unknown processing of the file /intranet/educaravaliacaodesempenholst.php. The manipulation of the argument tituloavaliacao leads to cross site scripting. The attack may be...
CVE-2025-5200 Open Asset Import Library Assimp MDLLoader.cpp InternReadFile_Quake1 out-of-bounds
A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDLImporter::InternReadFileQuake1 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. It is possible to launch the attac...
CVE-2025-0709 Dcat-Admin Roles Page roles cross site scripting
A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...
CVE-2024-12342 TP-Link VN020 F3v(T) Incomplete SOAP Request WANIPConnection denial of service
A vulnerability was found in TP-Link VN020 F3vT TTV6.2.1021. It has been rated as critical. This issue affects some unknown processing of the file /control/WANIPConnection of the component Incomplete SOAP Request Handler. The manipulation leads to denial of service. The attack can only be initiat...
CVE-2021-3156 "Baron Samedit"
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character. Recent assessments: cdelafuente-r7 at January 27, 2021 3:40pm UTC...