|
2211
|
- |
|
-
|
-
|
authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either bec…
|
CWE-842
Placement of User into Incorrect Group
|
CVE-2026-6970
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2212
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a man…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7136
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2213
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipula…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7137
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2214
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7138
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2215
|
4.3 |
MEDIUM
Network
|
-
|
-
|
An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL.
|
CWE-601
Open Redirect
|
CVE-2026-30346
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2216
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal.
|
CWE-22
Path Traversal
|
CVE-2026-30462
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2217
|
8.8 |
HIGH
Network
|
-
|
-
|
Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/setting…
|
CWE-352
Origin Validation Error
|
CVE-2026-38934
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2218
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter
|
CWE-79
Cross-site Scripting
|
CVE-2026-38935
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2219
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter
|
CWE-79
Cross-site Scripting
|
CVE-2026-38936
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2220
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the …
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7139
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
