|
1071
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument …
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7121
|
2026-04-28 03:36 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1072
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the ar…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7122
|
2026-04-28 03:36 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1073
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the …
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7123
|
2026-04-28 03:36 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1074
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Exe…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7124
|
2026-04-28 03:36 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1075
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipu…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7125
|
2026-04-28 03:36 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1076
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path…
|
CWE-22
Path Traversal
|
CVE-2026-7132
|
2026-04-28 03:36 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1077
|
9.8 |
CRITICAL
Network
|
-
|
-
|
ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without para…
|
CWE-89
SQL Injection
|
CVE-2026-41462
|
2026-04-28 03:36 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1078
|
8.8 |
HIGH
Network
|
-
|
-
|
ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outs…
|
CWE-22
Path Traversal
|
CVE-2026-41463
|
2026-04-28 03:36 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1079
|
6.5 |
MEDIUM
Network
|
-
|
-
|
ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive …
|
CWE-862
Missing Authorization
|
CVE-2026-41464
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1080
|
6.5 |
MEDIUM
Network
|
-
|
-
|
ProjeQtor versions 7.0 through 12.4.3 contains a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal sequ…
|
CWE-22
Path Traversal
|
CVE-2026-41465
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
