0.0
CVE-2021-47674 -
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
0.0
CVE-2021-47679 -
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
6.9
CVE-2025-3675 - TOTOLINK A3700R cstecgi.cgi setL2tpServerCfg access control
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been rated as critical. Affected by this issue is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been β¦
6.9
CVE-2025-3674 - TOTOLINK A3700R cstecgi.cgi setUrlFilterRules access control
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploβ¦
4.8
CVE-2024-10680 - Form Maker by 10Web < 1.15.32 - Admin+ Stored XSS
The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
5.3
CVE-2025-3247 - Contact Form 7 <= 6.0.5 - Order Replay Vulnerability
The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 6.0.5 via the 'wpcf7_stripe_skip_spam_check' function due to insufficient validation on a user controlled key. This makes it possible for unauthenticated attackers to reuse a single Stripe Paβ¦
6.9
CVE-2025-3668 - TOTOLINK A3700R cstecgi.cgi setScheduleCfg access control
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. This vulnerability affects the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has beβ¦
6.9
CVE-2025-3667 - TOTOLINK A3700R cstecgi.cgi setUPnPCfg access control
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been classified as critical. This affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disβ¦
6.9
CVE-2025-3666 - TOTOLINK A3700R cstecgi.cgi setDdnsCfg access control
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this issue is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed β¦
9.8
CVE-2025-3495 - COMMGR - Insufficient Randomization Authentication Bypass
Delta Electronics COMMGR v1 and v2Β uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code.