0.0

CVE-2025-71058 -

Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that the response originates from a legitimate configured upstream DNS server. The implementation matches responses primarily by TXID and inserts results into the cache, enabling a remote attacker to inject…

📅 Published: April 7, 2026, midnight 🔄 Last Modified: April 7, 2026, 7:16 p.m.

5.3

CVSS4.0

CVE-2026-5705 - code-projects Online Hotel Booking Booking Endpoint booknow.php cross site scripting

A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affected by this vulnerability is an unknown functionality of the file /booknow.php of the component Booking Endpoint. Such manipulation of the argument roomname leads to cross site scripting. It is possible to launch the att…

📅 Published: April 6, 2026, 11:30 p.m. 🔄 Last Modified: April 7, 2026, 12:16 a.m.

6.9

CVSS4.0

CVE-2026-5692 - Totolink A7100RU cstecgi.cgi setGameSpeedCfg os command injection

A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been made public and coul…

📅 Published: April 6, 2026, 11:15 p.m. 🔄 Last Modified: April 7, 2026, 12:16 a.m.

6.9

CVSS4.0

CVE-2026-5691 - Totolink A7100RU cstecgi.cgi setFirewallType os command injection

A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setFirewallType of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument firewallType leads to os command injection. The attack is possible to be carried out remotely. The exploit has been d…

📅 Published: April 6, 2026, 11 p.m. 🔄 Last Modified: April 7, 2026, 6:53 a.m.

6.9

CVSS4.0

CVE-2026-5690 - Totolink A7100RU cstecgi.cgi setRemoteCfg os command injection

A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been published a…

📅 Published: April 6, 2026, 10:45 p.m. 🔄 Last Modified: April 7, 2026, 6:53 a.m.

6.9

CVSS4.0

CVE-2026-5689 - Totolink A7100RU cstecgi.cgi setNtpCfg os command injection

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz results in os command injection. Remote exploitation of the attack is possible. The exploit is now pub…

📅 Published: April 6, 2026, 10:30 p.m. 🔄 Last Modified: April 7, 2026, 6:53 a.m.

6.9

CVSS4.0

CVE-2026-5688 - Totolink A7100RU cstecgi.cgi setDdnsCfg os command injection

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit has been disclosed pu…

📅 Published: April 6, 2026, 10:15 p.m. 🔄 Last Modified: April 7, 2026, 6:53 a.m.

8.7

CVSS4.0

CVE-2026-5687 - Tenda CX12L NatStaticSetting fromNatStaticSetting stack-based overflow

A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. This manipulation of the argument page causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available …

📅 Published: April 6, 2026, 10 p.m. 🔄 Last Modified: April 7, 2026, 6:53 a.m.

8.7

CVSS4.0

CVE-2026-35454 - Code Extension Marketplace has a Zip Slip Path Traversal

The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback that …

📅 Published: April 6, 2026, 9:51 p.m. 🔄 Last Modified: April 7, 2026, 2:35 p.m.

5.3

CVSS3.1

CVE-2026-35452 - WWBN AVideo has Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin(). The log contains internal filesyste…

📅 Published: April 6, 2026, 9:47 p.m. 🔄 Last Modified: April 7, 2026, 1:20 p.m.