9.3
CVE-2026-5997 - Totolink A7100RU CGI cstecgi.cgi setLoginPasswordCfg os command injection
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass results in os command injection. It is possible to launch the attacโฆ
9.3
CVE-2026-5996 - Totolink A7100RU CGI cstecgi.cgi setAdvancedInfoShow os command injection
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tty_server leads to os command injection. It is possible to iโฆ
9.3
CVE-2026-5995 - Totolink A7100RU CGI cstecgi.cgi setMiniuiHomeInfoShow os command injection
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument lan_info can lead to os command injection. The attack may be performed fromโฆ
9.3
CVE-2026-5994 - Totolink A7100RU CGI cstecgi.cgi setTelnetCfg os command injection
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument telnet_enabled results in os command injection. The attack is possible โฆ
9.3
CVE-2026-5993 - Totolink A7100RU CGI cstecgi.cgi setWiFiGuestCfg os command injection
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wifiOff leads to os command injection. The attack can be executed remotelโฆ
8.7
CVE-2026-5992 - Tenda F451 P2pListFilter fromP2pListFilter stack-based overflow
A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2pListFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and โฆ
9.8
CVE-2026-36234 - SQL Injection in Enrollment System Courses Feature
itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter.
7.5
CVE-2026-23782 - Unauthorized API Credential Exposure Enables Privileged Operations in BMC ControlโM/MFT
An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to unaโฆ
9.8
CVE-2026-23781 - HardโCoded Default Debug Credentials in BMC ControlโM/MFT
An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface.
9.8
CVE-2026-36236 - SQL Injection in SourceCodester Engineers Online Portal Password Update
SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update_password.php via the new_password parameter.