Critical Severity Vulnerabilities
28.6K CVEs classified as critical severity
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter.
An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class.
An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so.
Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session hijacking attack.
Improper session management in Elber REBLE310 Firmware v5.5.1.R, Equipment Model: REBLE310/RX10/4ASI allows attackers to execute a session hijacking attack.
Nautel VX Series transmitters VX SW v6.4.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the firmware update process. This vulnerability allows attackers to execut...
Incorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and System v2.2.15 allows attackers to bypass authentication and gain Administrator privileges.
Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary throu...
Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the MAC address.
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url in /boafrm/formLtefotaUpgradeQuectel.
The TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.
The TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mydata Informatics Ticket Sales Automation allows Blind SQL Injection. This issue affects Ticket Sa...
A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows an attacker to execute arbitrary code via not filtering the content correctly at the "operateOrder.php" id parameter.
Sourcecodester Online Exam System 1.0 is vulnerable to SQL Injection via dash.php.
rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component.
TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter.
TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter.
TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain p...
TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.
TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.
TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 w...
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the cstecgi.cgi.
A SQL Injection vulnerability exists in the `u` parameter of the progress-body-weight.php endpoint of Dietiqa App v1.0.20.