CVE-2020-37047 - Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtService' Unquoted Service Path
CVE ID : CVE-2020-37047
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicious code that would execute with LocalSystem permissions during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37047
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files\HP Sure Sense\DeepMgmtService.exe to inject malicious code that would execute with LocalSystem permissions during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37048 - Iskysoft Application Framework Service 2.4.3.241 - 'IsAppService' Unquoted Service Path
CVE ID : CVE-2020-37048
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would be run with the service's high-level system permissions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37048
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would be run with the service's high-level system permissions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37055 - SpyHunter 4 - 'SpyHunter 4 Service' Unquoted Service Path
CVE ID : CVE-2020-37055
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37055
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations to gain elevated access during service startup.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37061 - BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path
CVE ID : CVE-2020-37061
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with LocalSystem permissions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37061
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with LocalSystem permissions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37062 - DHCP Turbo 4.6.1298- 'DHCP Turbo 4' Unquoted Service Path
CVE ID : CVE-2020-37062
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37062
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37063 - TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path
CVE ID : CVE-2020-37063
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37063
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-37064 - EPSON EasyMP Network Projection 2.81 - 'EMP_NSWLSV' Unquoted Service Path
CVE ID : CVE-2020-37064
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\ to inject malicious code that would execute with LocalSystem privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-37064
Published : Feb. 1, 2026, 3:16 p.m. | 3 hours, 19 minutes ago
Description : EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\ to inject malicious code that would execute with LocalSystem privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1733 - Zhong Bang CRMEB :uni tidyOrder improper authorization
CVE ID : CVE-2026-1733
Published : Feb. 1, 2026, 11:15 p.m. | 3 hours, 21 minutes ago
Description : A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id leads to improper authorization. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1733
Published : Feb. 1, 2026, 11:15 p.m. | 3 hours, 21 minutes ago
Description : A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id leads to improper authorization. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25253 - OpenClaw WebSocket Token Disclosure Vulnerability
CVE ID : CVE-2026-25253
Published : Feb. 1, 2026, 11:15 p.m. | 3 hours, 21 minutes ago
Description : OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25253
Published : Feb. 1, 2026, 11:15 p.m. | 3 hours, 21 minutes ago
Description : OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1734 - Zhong Bang CRMEB crontab Endpoint CrontabController.php authorization
CVE ID : CVE-2026-1734
Published : Feb. 2, 2026, 12:15 a.m. | 2 hours, 21 minutes ago
Description : A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1734
Published : Feb. 2, 2026, 12:15 a.m. | 2 hours, 21 minutes ago
Description : A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1735 - Yealink MeetingBar A30 Diagnostic command injection
CVE ID : CVE-2026-1735
Published : Feb. 2, 2026, 1:15 a.m. | 1 hour, 21 minutes ago
Description : A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1735
Published : Feb. 2, 2026, 1:15 a.m. | 1 hour, 21 minutes ago
Description : A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1736 - Open5GS SGWC s11-handler.c assertion
CVE ID : CVE-2026-1736
Published : Feb. 2, 2026, 1:15 a.m. | 1 hour, 21 minutes ago
Description : A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c of the component SGWC. Such manipulation leads to reachable assertion. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. A patch should be applied to remediate this issue. The issue report is flagged as already-fixed.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1736
Published : Feb. 2, 2026, 1:15 a.m. | 1 hour, 21 minutes ago
Description : A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c of the component SGWC. Such manipulation leads to reachable assertion. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. A patch should be applied to remediate this issue. The issue report is flagged as already-fixed.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-13348 - ASUS Business Manager Arbitrary File Creation Vulnerability
CVE ID : CVE-2025-13348
Published : Feb. 2, 2026, 2:16 a.m. | 20 minutes ago
Description : An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update for ASUS Business Manager" section on the ASUS Security Advisory for more information.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-13348
Published : Feb. 2, 2026, 2:16 a.m. | 20 minutes ago
Description : An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update for ASUS Business Manager" section on the ASUS Security Advisory for more information.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1737 - Open5GS CreateBearerRequest s5c-handler.c sgwc_s5c_handle_create_bearer_request assertion
CVE ID : CVE-2026-1737
Published : Feb. 2, 2026, 2:16 a.m. | 20 minutes ago
Description : A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function sgwc_s5c_handle_create_bearer_request of the file /src/sgwc/s5c-handler.c of the component CreateBearerRequest Handler. Performing a manipulation results in reachable assertion. Remote exploitation of the attack is possible. The exploit is now public and may be used. To fix this issue, it is recommended to deploy a patch. The issue report is flagged as already-fixed.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1737
Published : Feb. 2, 2026, 2:16 a.m. | 20 minutes ago
Description : A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function sgwc_s5c_handle_create_bearer_request of the file /src/sgwc/s5c-handler.c of the component CreateBearerRequest Handler. Performing a manipulation results in reachable assertion. Remote exploitation of the attack is possible. The exploit is now public and may be used. To fix this issue, it is recommended to deploy a patch. The issue report is flagged as already-fixed.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1738 - Open5GS SGWC context.c sgwc_tunnel_add assertion
CVE ID : CVE-2026-1738
Published : Feb. 2, 2026, 2:16 a.m. | 20 minutes ago
Description : A flaw has been found in Open5GS up to 2.7.6. The impacted element is the function sgwc_tunnel_add of the file /src/sgwc/context.c of the component SGWC. Executing a manipulation of the argument pdr can lead to reachable assertion. The attack can be executed remotely. The exploit has been published and may be used. It is advisable to implement a patch to correct this issue. The issue report is flagged as already-fixed.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1738
Published : Feb. 2, 2026, 2:16 a.m. | 20 minutes ago
Description : A flaw has been found in Open5GS up to 2.7.6. The impacted element is the function sgwc_tunnel_add of the file /src/sgwc/context.c of the component SGWC. Executing a manipulation of the argument pdr can lead to reachable assertion. The attack can be executed remotely. The exploit has been published and may be used. It is advisable to implement a patch to correct this issue. The issue report is flagged as already-fixed.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1739 - Free5GC pcf smpolicy.go HandleCreateSmPolicyRequest null pointer dereference
CVE ID : CVE-2026-1739
Published : Feb. 2, 2026, 2:16 a.m. | 20 minutes ago
Description : A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1739
Published : Feb. 2, 2026, 2:16 a.m. | 20 minutes ago
Description : A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1740 - EFM ipTIME A8004T Hidden Hiddenloginsetup timepro.cgi httpcon_check_session_url improper authentication
CVE ID : CVE-2026-1740
Published : Feb. 2, 2026, 4:15 a.m. | 2 hours, 22 minutes ago
Description : A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1740
Published : Feb. 2, 2026, 4:15 a.m. | 2 hours, 22 minutes ago
Description : A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1741 - EFM ipTIME A8004T Debug d.cgi httpcon_check_session_url backdoor
CVE ID : CVE-2026-1741
Published : Feb. 2, 2026, 4:15 a.m. | 2 hours, 22 minutes ago
Description : A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1741
Published : Feb. 2, 2026, 4:15 a.m. | 2 hours, 22 minutes ago
Description : A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1742 - EFM ipTIME A8004T VPN Service timepro.cgi commit_vpncli_file_upload unrestricted upload
CVE ID : CVE-2026-1742
Published : Feb. 2, 2026, 4:15 a.m. | 2 hours, 22 minutes ago
Description : A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi of the component VPN Service. Such manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1742
Published : Feb. 2, 2026, 4:15 a.m. | 2 hours, 22 minutes ago
Description : A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi of the component VPN Service. Such manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1743 - DJI Mavic Mini/Spark/Mini SE Enhanced Wi-Fi Pairing authentication replay
CVE ID : CVE-2026-1743
Published : Feb. 2, 2026, 4:15 a.m. | 2 hours, 22 minutes ago
Description : A vulnerability has been found in DJI Mavic Mini, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1743
Published : Feb. 2, 2026, 4:15 a.m. | 2 hours, 22 minutes ago
Description : A vulnerability has been found in DJI Mavic Mini, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1744 - D-Link DSL-6641K sp_pppoe_user.js doSubmitPPP cross site scripting
CVE ID : CVE-2026-1744
Published : Feb. 2, 2026, 5:15 a.m. | 1 hour, 21 minutes ago
Description : A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sp_pppoe_user.js. The manipulation of the argument Username results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1744
Published : Feb. 2, 2026, 5:15 a.m. | 1 hour, 21 minutes ago
Description : A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sp_pppoe_user.js. The manipulation of the argument Username results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...