6.9
CVE-2025-3674 - TOTOLINK A3700R cstecgi.cgi setUrlFilterRules access control
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The explo…
4.8
CVE-2024-10680 - Form Maker by 10Web < 1.15.32 - Admin+ Stored XSS
The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
5.3
CVE-2025-3247 - Contact Form 7 <= 6.0.5 - Order Replay Vulnerability
The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 6.0.5 via the 'wpcf7_stripe_skip_spam_check' function due to insufficient validation on a user controlled key. This makes it possible for unauthenticated attackers to reuse a single Stripe Pa…
6.9
CVE-2025-3668 - TOTOLINK A3700R cstecgi.cgi setScheduleCfg access control
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. This vulnerability affects the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has be…
6.9
CVE-2025-3667 - TOTOLINK A3700R cstecgi.cgi setUPnPCfg access control
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been classified as critical. This affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been dis…
6.9
CVE-2025-3666 - TOTOLINK A3700R cstecgi.cgi setDdnsCfg access control
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this issue is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed …
9.8
CVE-2025-3495 - COMMGR - Insufficient Randomization Authentication Bypass
Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code.
6.9
CVE-2025-3665 - TOTOLINK A3700R cstecgi.cgi setSmartQosCfg access control
A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this vulnerability is the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit ha…
6.9
CVE-2025-3664 - TOTOLINK A3700R cstecgi.cgi setWiFiEasyGuestCfg access control
A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has bee…
6.9
CVE-2025-3663 - TOTOLINK A3700R Password cstecgi.cgi setWiFiEasyGuestCfg access control
A vulnerability, which was classified as critical, has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. This issue affects the function setWiFiEasyCfg/setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component Password Handler. The manipulation leads to improper access controls. The …