CVE-2025-15620

creationtimestamp| type| source ---|---|--- 2026-04-02 22:20:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mikaikdgyk2d 2026-04-02 23:18:37+00:00| seen| Telegram/wPpcMbRpbo1Ga69LyA-eFh8R0SLzJGU8C7s0zmgI81BZZk 2026-04-03 02:22:03+00:00| seen|...

CVE-2025-15620

HiOS Switch Platform versions 09.1.00 through 09.4.04 and 10.0.00 through 10.3.00 contain a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an...

CVE-2020-15620

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the id parameter, the...

CVE-2020-15620

The CVE-2020-15620 issue affects CentOS Web Panel (cwp-e17.0.9.8.923) and is a SQL injection in ajax_list_accounts.php where the id parameter is used to build queries without proper validation, enabling information disclosure in the context of root. This is documented across multiple sources (ZDI...

CVE-2020-15620

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the id parameter, the...

CVE-2019-15620

CVE-2019-15620 describes an improper access control vulnerability in Nextcloud Talk 6.0.3 where the existence and names of private conversations can be leaked when those conversations are linked to another shared item via the Projects feature. Affected component is Nextcloud Talk (Spreed) 6.0.3. ...

SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SystemTap MODPROBEOPTIONS Privilege Escalation', 'Description' = %q This module attempts to gain root privileges by exploiting a vulnerability in...

CVE-2018-15620

CVE-2018-15620 is rejected/not used; this CVE ID does not represent an active vulnerability entry.

CVE-2018-15620

...

CVE-2017-15620

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmacimport.lua file...

CVE-2017-15620

CVE-2017-15620 concerns TP-Link WVR, WAR and ER devices. The issue is a command-injection vulnerability in the ipmac_import.lua file’s new-zone variable that can be exploited by remote authenticated administrators to execute arbitrary commands. This implies attackers with valid credentials and ac...

TP-Link Remote Command Injection

Introduction: ================ The WVR-, WAR- and ER- products are the SOHO/WIFI routers of TP-Link. These issues allow remote authenticated administrators to execute arbitrary commands via command injection through different variables of different lua files. If the attacker obtains the account a...