Aggregator

CVE-2026-9443 | Edimax BR-6478AC 1.23 POST Request /goform/formL2TPSetup L2TPUserName buffer overflow

VulDB Recent Entries
3 weeks 3 days ago
A vulnerability identified as critical has been detected in Edimax BR-6478AC 1.23. This vulnerability affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. The manipulation of the argument L2TPUserName leads to buffer overflow. This vulnerability is listed as CVE-2026-9443. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-9442 | Edimax BR-6478AC 1.23 POST Request formiNICSiteSurvey selSSID buffer overflow

VulDB Recent Entries
3 weeks 3 days ago
A vulnerability categorized as critical has been discovered in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. Executing a manipulation of the argument selSSID can lead to buffer overflow. This vulnerability is tracked as CVE-2026-9442. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-9441 | Edimax BR-6478AC 1.23 POST Request /goform/formiNICbasic rootAPmac command injection

VulDB Recent Entries
3 weeks 3 days ago
A vulnerability was found in Edimax BR-6478AC 1.23. It has been rated as critical. Affected by this issue is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. Performing a manipulation of the argument rootAPmac results in command injection. This vulnerability is identified as CVE-2026-9441. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-9440 | Edimax BR-6478AC 1.23 POST Request /goform/formAccept submit-url command injection

VulDB Recent Entries
3 weeks 3 days ago
A vulnerability was found in Edimax BR-6478AC 1.23. It has been declared as critical. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. This vulnerability is referenced as CVE-2026-9440. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-9439 | Edimax BR-6675nD 1.12 /goform/stainfo interface command injection

VulDB Recent Entries
3 weeks 3 days ago
A vulnerability was found in Edimax BR-6675nD 1.12. It has been classified as critical. Affected is the function stainfo of the file /goform/stainfo. This manipulation of the argument interface causes command injection. The identification of this vulnerability is CVE-2026-9439. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-9438 | yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203 courseDel.php ID resource injection

VulDB Recent Entries
3 weeks 3 days ago
A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203 and classified as problematic. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. This vulnerability was named CVE-2026-9438. The attack may be performed from remote. In addition, an exploit is available. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com

CVE-2026-9437 | DTStack Taier 1.4.0 REST API Runtime.exec sqlText os command injection

VulDB Recent Entries
3 weeks 3 days ago
A vulnerability has been found in DTStack Taier 1.4.0 and classified as critical. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. This vulnerability is uniquely identified as CVE-2026-9437. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2026-9436 | Totolink A8000RU 7.1cu.643_b20200521 Web Management Interface /cgi-bin/cstecgi.cgi setL2tpServerCfg enable os command injection

VulDB Recent Entries
3 weeks 3 days ago
A vulnerability, which was classified as critical, was found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. This vulnerability is handled as CVE-2026-9436. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com

Managed ad