Lucene search
K

1020 matches found

RedhatCVE
RedhatCVE
added 2026/04/29 8:48 p.m.9 views

CVE-2026-7241

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried...

10CVSS8.2AI score0.02448EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/28 7:15 a.m.29 views

CVE-2026-7240 Totolink A8000RU CGI cstecgi.cgi setVpnAccountCfg os command injection

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument User leads to os command injection. The attack can be executed remotely...

10CVSS0.02426EPSS
Exploits0References5
CVE
CVE
added 2026/04/28 7:15 a.m.17 views

CVE-2026-7240

CVE-2026-7240 affects Totolink A8000RU 7.1cu.643_b20200521. The vulnerability resides in CGI Handler’s /cgi-bin/cstecgi.cgi function setVpnAccountCfg, where manipulation of the User argument enables OS command injection. This can be exploited remotely with no authentication (attack vector: NETWOR...

10CVSS8.1AI score0.02426EPSS
Exploits0References5
NVD
NVD
added 2026/04/27 4:16 p.m.5 views

CVE-2026-7136

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wanIdx can lead to os command injection. The attack may be launched...

10CVSS0.01766EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/27 12:15 p.m.4 views

CVE-2026-7123 Totolink A8000RU CGI cstecgi.cgi setIptvCfg os command injection

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument setIptvCfg results in os command injection. The attack can be initiated remotely. The...

10CVSS8.2AI score0.01766EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.10 views

TOTOLINK A8000RU 命令注入漏洞

The TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A8000RU 7.1cu.643b20200521 version has a command injection vulnerability. This vulnerability stems from improper handling of the pptpPassThru parameter in the setVpnPassCfg function of the...

10CVSS7.3AI score0.01785EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.7 views

PT-2026-34811

Name of the Vulnerable Software and Affected Versions SenseLive X3050 affected versions not specified Description The web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcemen...

8.1CVSS5.2AI score0.00324EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/15 11:45 p.m.4 views

CVE-2026-5363

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...

6CVSS5.8AI score0.00091EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/15 6:31 p.m.5 views

EUVD-2026-22958

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting XSS attack or a reflected XSS attack against a user of the web-based...

4.8CVSS5.8AI score0.00173EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/15 4:3 p.m.19 views

CVE-2026-20132 Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting XSS attack or a reflected XSS attack against a user of the web-based...

4.8CVSS0.00173EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.13 views

PT-2026-33082

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerabili...

4.7CVSS5.8AI score0.00202EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/14 7:22 p.m.6 views

CVE-2026-6131

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument command results in os command injection. The attack may be launched...

10CVSS6.9AI score0.01823EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/09 9:31 p.m.3 views

EUVD-2026-21184

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wifiOff can lead to os command injection. It is possible to launch the attack...

10CVSS7AI score0.02114EPSS
Exploits0References6
NVD
NVD
added 2026/04/09 9:16 p.m.8 views

CVE-2026-5978

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument mode leads to os command injection. The attack can be initiated remotely. Th...

10CVSS0.01766EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/09 8:15 p.m.2 views

CVE-2026-5977

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wifiOff can lead to os command injection. It is possible to launch the attack...

10CVSS7AI score0.02114EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 5:45 a.m.1 views

CVE-2026-5850

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injection. Remote exploitation of the attack is possible...

10CVSS7AI score0.15952EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.10 views

LobeHub 安全漏洞

LobeHub is an open-source AI dialogue framework developed by LobeHub. Versions of LobeHub prior to 2.1.48 contained security vulnerabilities. These vulnerabilities stemmed from the WebAPI authentication layer, which trusted client control headers that had only been XOR-encrypted. This allowed...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/01 6:36 p.m.7 views

EUVD-2026-17952

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation...

6.5CVSS6.1AI score0.00719EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/01 6:36 p.m.2 views

EUVD-2026-17955

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access. This vulnerability is due to improper authorization...

8CVSS5.9AI score0.0027EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.5 views

Cisco Integrated Management Controller 跨站脚本漏洞

The Cisco Integrated Management Controller IMC is a set of software developed by Cisco, Inc., used for managing UCS Unified Computing System environments. This software supports HTTP and SSH access, and allows operations such as powering on, powering off, and restarting servers. The Cisco IMC has...

4.8CVSS5.7AI score0.0017EPSS
Exploits0References1
Rows per page
Query Builder