|
1661
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulatio…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7243
|
2026-04-28 18:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1662
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipul…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7242
|
2026-04-28 18:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1663
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipula…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7241
|
2026-04-28 18:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1664
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such ma…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7240
|
2026-04-28 17:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1665
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in ErlichLiu claude-agent-sdk-master up to b185aa7ff0d864581257008077b4010fca1747bf. Affected by this vulnerability is an unknown functionality of the file …
|
CWE-22
Path Traversal
|
CVE-2026-7235
|
2026-04-28 17:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1666
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe() function passing user-controlled $_POST['amo…
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-4911
|
2026-04-28 17:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1667
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundle…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4805
|
2026-04-28 17:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1668
|
6.5 |
MEDIUM
Local
|
-
|
-
|
KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of …
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-41525
|
2026-04-28 17:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1669
|
- |
|
-
|
-
|
Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to prot…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-54013
|
2026-04-28 17:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1670
|
- |
|
-
|
-
|
Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be e…
|
CWE-78
OS Command
|
CVE-2024-54012
|
2026-04-28 17:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
