CVE-2025-36126

IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting XSS in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended...

CVE-2026-5509

An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the...

EUVD-2026-32611

An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the...

CVE-2026-9632

A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web Management Interface. Executing a manipulation of the argument Profile can lead to stack-based buffer overflow. It is possibl...

EUVD-2026-32038

A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web Management Interface. Executing a manipulation of the argument Profile can lead to stack-based buffer overflow. It is possibl...

EUVD-2026-32030

A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation of the argument sysAdmUser/sysAdmPass results in buffer overflow. The attack can be launched...

PT-2026-43686

Name of the Vulnerable Software and Affected Versions IBM Cognos Analytics versions 11.2.0, 11.2.4, 12.0, and 12.1.0 IBM Cognos Transformer versions 11.2.4, 12.0, and 12.1.0 Description Cross-site scripting XSS allows a remote attacker to inject arbitrary JavaScript code into the web user...

UTT HiPER 1250GW 安全漏洞

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained security vulnerabilities. These vulnerabilities were caused by the strcpy function in the Web Management Interface...

UTT HiPER 1250GW 安全漏洞

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained security vulnerabilities. These vulnerabilities were caused by the strcpy function in the Web Management Interface component/goform/formGroupConfig file,...

PT-2026-44065

Name of the Vulnerable Software and Affected Versions Archer BE450 v1 Archer BE7200 v1 Description An authenticated command injection allows an administrator to execute arbitrary system commands through the web management interface. By using the browser developer console, a crafted input can be...

CVE-2026-9457

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possible...

CVE-2025-36148 IBM Financial Transaction Manager for SWIFT Services for Multiplatforms is vulnerable to cross-site scripting.

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the...

CVE-2025-36148

CVE-2025-36148 affects IBM Financial Transaction Manager for SWIFT Services for Multiplatforms, versions 3.2.4.0–3.2.4.15. The issue is a cross-site scripting vulnerability in the Web UI that allows an unauthenticated attacker to inject arbitrary JavaScript, potentially exposing credentials withi...

CVE-2026-34473

Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST...

CVE-2026-34474

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

Kwetsbaarheid verholpen in Cisco Secure Workload

Cisco has identified a vulnerability in Cisco Secure Workload. This vulnerability resides within the internal REST APIs of Cisco Secure Workload. Unauthorized malicious actors with access to the internal infrastructure can obtain Site Admin privileges through inadequate validation and...

TOTOLINK N300RH 安全漏洞

TOTOLINK N300RH is a long-range wireless router produced by TOTOLINK Corporation. Version 6.1c.1353B20190305 of TOTOLINK N300RH contains a security vulnerability. This vulnerability stems from improper handling of parameters in the setPasswordCfg function of the file/cgi-bin/cstecgi.cgi within th...

CVE-2026-9478 Totolink A8000RU Web Management cstecgi.cgi setParentalRules os command injection

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack may be performe...

EUVD-2026-31709

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be...

CVE-2026-9457

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possible...