xiaohaiyang-ai

3 exploits Active since Apr 2026
CVE-2026-8133 WRITEUP HIGH WRITEUP
zyx0814 FilePress Shares Filelist API admin.php sql injection
A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Filelist API. Such manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The name of the patch is e20ec58414103f781858f2951d178e19b1736664. A patch should be applied to remediate this issue.
CVSS 7.3
CVE-2026-7218 WRITEUP HIGH WRITEUP
Totolink N300RT libapmib.so formWsc is_cmd_string_valid buffer overflow
A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVSS 7.2
CVE-2026-6560 WRITEUP HIGH WRITEUP
H3C Magic B0 aspForm Edit_BasicSSID buffer overflow
A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8