|
3021
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-9515
|
2026-05-27 03:59 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3022
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Su…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-9532
|
2026-05-27 03:59 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3023
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a mani…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-9533
|
2026-05-27 03:59 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3024
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the arg…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-9534
|
2026-05-27 03:59 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3025
|
8.8 |
HIGH
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder. The Concrete CMS security team gave this vulnerability a CVS…
|
CWE-352
CWE-1275
Origin Validation Error
Sensitive Cookie with Improper SameSite Attribute
|
CVE-2026-8415
|
2026-05-27 03:58 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3026
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation o…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9342
|
2026-05-27 03:56 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3027
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=save_patient_history. This manip…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9355
|
2026-05-27 03:56 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3028
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/manage_history.php. Such manipulation of…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9356
|
2026-05-27 03:56 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3029
|
8.8 |
HIGH
Network
|
-
|
-
|
The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is du…
|
CWE-269
Improper Privilege Management
|
CVE-2026-6895
|
2026-05-27 03:55 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3030
|
8.8 |
HIGH
Network
|
-
|
-
|
The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\Team_Accounts::save_settings' function in…
|
CWE-269
Improper Privilege Management
|
CVE-2026-6897
|
2026-05-27 03:55 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
