Submit #813697: EMPLOYEE_MANAGEMENT_SYSTEM v1.0 Reflected XSS [Accepted]
Submit #813697 / VDB-365396
Aggregator
CVE-2026-9411 | SourceCodester Indian Invoicing System 1.0 Invoice Generation IGST_Invoice.php customer_name/category sql injection (EUVD-2026-31614)
3 weeks 3 days ago
A vulnerability was found in SourceCodester Indian Invoicing System 1.0. It has been classified as critical. This issue affects some unknown processing of the file /Invoicing/IGST_Invoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customer_name/category results in sql injection.
This vulnerability is identified as CVE-2026-9411. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com
Submit #813610: SourceCodester Invoicing System In PHP 1.0 Stored XSS [Accepted]
3 weeks 3 days ago
Submit #813610 / VDB-365395
c4ttr4ck
Submit #813609: SourceCodester Invoicing System In PHP 1.0 Reflected Cross-Site Scripting (XSS) + SQL Injection [Accepted]
3 weeks 3 days ago
Submit #813609 / VDB-365394
c4ttr4ck
Submit #813608: SourceCodester Invoice-System 1.0 Broken Access Control [Accepted]
3 weeks 3 days ago
Submit #813608 / VDB-365393
c4ttr4ck
CVE-2026-9410 | Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b Profile Workflow /profile ID improper authorization (EUVD-2026-31612)
3 weeks 3 days ago
A vulnerability was found in Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b and classified as critical. This vulnerability affects unknown code of the file /profile of the component Profile Workflow. Such manipulation of the argument ID leads to improper authorization.
This vulnerability is referenced as CVE-2026-9410. It is possible to launch the attack remotely. Furthermore, an exploit is available.
This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-9409 | Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b User Management /user role improper authorization (EUVD-2026-31611)
3 weeks 3 days ago
A vulnerability has been found in Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b and classified as critical. This affects an unknown part of the file /user of the component User Management Handler. This manipulation of the argument role causes improper authorization.
The identification of this vulnerability is CVE-2026-9409. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #813607: SourceCodester Invoicing System In PHP 1.0 Second-Order SQL Injection [Accepted]
3 weeks 3 days ago
Submit #813607 / VDB-365392
c4ttr4ck
Submit #813606: Sushmi-pal Invoice-System 1.0 Insecure Direct Object Reference (IDOR) [Accepted]
3 weeks 3 days ago
Submit #813606 / VDB-365391
c4ttr4ck
Submit #813605: Sushmi-pal Invoice-System 1.0 Broken Access Control + Privilege Escalation [Accepted]
3 weeks 3 days ago
Submit #813605 / VDB-365390
c4ttr4ck
CVE-2026-9408 | Totolink A8000RU 7.1cu.643_b20200521 Web Management Interface /cgi-bin/cstecgi.cgi setStaticDhcpRules enable os command injection (EUVD-2026-31609)
3 weeks 3 days ago
A vulnerability, which was classified as critical, was found in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enable results in os command injection.
This vulnerability was named CVE-2026-9408. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com
CVE-2026-9407 | Totolink A8000RU 7.1cu.643_b20200521 Web Management Interface /cgi-bin/cstecgi.cgi setFirewallType firewallType os command injection (EUVD-2026-31610)
3 weeks 3 days ago
A vulnerability, which was classified as critical, has been found in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setFirewallType of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument firewallType leads to os command injection.
This vulnerability is uniquely identified as CVE-2026-9407. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com
CVE-2026-9406 | Totolink A8000RU 7.1cu.643_b20200521 Web Management Interface /cgi-bin/cstecgi.cgi setRemoteCfg enable os command injection (EUVD-2026-31606)
3 weeks 3 days ago
A vulnerability classified as critical was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection.
This vulnerability is handled as CVE-2026-9406. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com
CVE-2026-9405 | Totolink A8000RU 7.1cu.643_b20200521 Web Management Interface /cgi-bin/cstecgi.cgi setGameSpeedCfg enable os command injection (EUVD-2026-31608)
3 weeks 3 days ago
A vulnerability classified as critical has been found in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection.
This vulnerability is known as CVE-2026-9405. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com
CVE-2026-9404 | Totolink A8000RU 7.1cu.643_b20200521 Web Management Interface /cgi-bin/cstecgi.cgi setDdnsCfg provider os command injection (EUVD-2026-31607)
3 weeks 3 days ago
A vulnerability described as critical has been identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection.
This vulnerability is traded as CVE-2026-9404. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #813602: SourceCodester BarbarBaba 1.0 SQL Injection (Authentication Bypass) [Duplicate]
3 weeks 3 days ago
Submit #813602 / VDB-313776
c4ttr4ck
CVE-2026-9403 | Edimax BR-6675nD 1.12 POST Request /goform/formWlSiteSurvey selSSID buffer overflow (EUVD-2026-31605)
3 weeks 3 days ago
A vulnerability marked as critical has been reported in Edimax BR-6675nD 1.12. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. This manipulation of the argument selSSID causes buffer overflow.
This vulnerability appears as CVE-2026-9403. The attack may be initiated remotely. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-9402 | Edimax BR-6675nD 1.12 POST Request /goform/formWlanMP command injection (EUVD-2026-31602)
3 weeks 3 days ago
A vulnerability labeled as critical has been found in Edimax BR-6675nD 1.12. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component POST Request Handler. The manipulation of the argument ateFunc/ateGain/ateRate/ateChan/ateTxCount/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/ateTxFreqOffset/ateMode/ateMacID/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/readE2P/e2pTxPwDeltaN results in command injection.
This vulnerability is reported as CVE-2026-9402. The attack can be launched remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-9401 | Edimax BR-6675nD 1.12 POST Request formWanTcpipSetup pppUserName buffer overflow (EUVD-2026-31604)
3 weeks 3 days ago
A vulnerability identified as critical has been detected in Edimax BR-6675nD 1.12. Impacted is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to buffer overflow.
This vulnerability is documented as CVE-2026-9401. The attack can be initiated remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2026-9400 | Edimax BR-6675nD 1.12 POST Request /goform/formUSBStorage sub_dir command injection (EUVD-2026-31603)
3 weeks 3 days ago
A vulnerability categorized as critical has been discovered in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument sub_dir can lead to command injection.
This vulnerability is registered as CVE-2026-9400. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com