|
5021
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipula…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7137
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5022
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7138
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5023
|
4.3 |
MEDIUM
Network
|
-
|
-
|
An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL.
|
CWE-601
Open Redirect
|
CVE-2026-30346
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5024
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal.
|
CWE-22
Path Traversal
|
CVE-2026-30462
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5025
|
8.8 |
HIGH
Network
|
-
|
-
|
Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/setting…
|
CWE-352
Origin Validation Error
|
CVE-2026-38934
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5026
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter
|
CWE-79
Cross-site Scripting
|
CVE-2026-38935
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5027
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter
|
CWE-79
Cross-site Scripting
|
CVE-2026-38936
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5028
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the …
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7139
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5029
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the arg…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7140
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5030
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invit…
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7145
|
2026-04-28 03:35 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
