15 matches found

RedhatCVE
added 2025/05/22 3:17 p.m., 18 views

CVE-2020-19825

Cross-Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php allows attackers to gain escalated privileges...

CVSS: 9.6, AI score: 6, EPSS: 0.00697, Exploits: 0

RedhatCVE
added 2025/05/22 10:9 a.m., 8 views

CVE-2019-19825

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via a "topicurl":"setting/getSanvas" POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform...

CVSS: 9.8, AI score: 6.7, EPSS: 0.29557, Exploits: 3, References: 1

NVD
added 2024/05/03 2:15 a.m., 12 views

CVE-2023-27356

NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing...

CVSS: 8, AI score: 7.2, EPSS: 0.01238, Exploits: 0, References: 2

Vulnrichment
added 2024/05/03 1:56 a.m., 20 views

CVE-2023-27356 NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability

NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing...

CVSS: 6.8, AI score: 8.1, EPSS: 0.01238, Exploits: 0, References: 2

Cvelist
added 2024/05/03 1:56 a.m., 30 views

CVE-2023-27356 NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability

NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing...

CVSS: 6.8, AI score: 7.5, EPSS: 0.01238, Exploits: 0, References: 2

CVE
added 2024/05/03 1:56 a.m., 64 views

CVE-2023-27356

The CVE-2023-27356 issue affects NETGEAR RAX30 routers, specifically in the logCtrl action. The root cause is the lack of proper validation of a user-supplied string before it is used to perform a system call, allowing an attacker with network-adjacent access to execute arbitrary code with root p...

CVSS: 8, AI score: 7.3, EPSS: 0.01238, Exploits: 0, References: 2, Affected Software: 1

VulnCheck KEV
added 2024/02/23 12:0 a.m., 3 views

VulnCheck KEV: CVE-2019-19825

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via a "topicurl":"setting/getSanvas" POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can...

CVSS: 9.8, AI score: 7.3, EPSS: 0.29557, Exploits: 3, References: 1

Circl
added 2023/02/16 12:37 a.m., 7 views

CVE-2020-19825

creationtimestamp | type | source
---|---|---
2023-02-16 00:37:08+00:00 | seen | https://t.me/cibsecurity/58299
2025-03-19 19:18:27+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/8132...

CVSS: 9.6, AI score: 8.7, EPSS: 0.00697, Exploits: 0, References: 2

OSV
added 2023/02/15 10:15 p.m., 20 views

CVE-2020-19825

Cross-Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php allows attackers to gain escalated privileges...

CVSS: 9.6, AI score: 8.6, Exploits: 0, References: 2

CVE
added 2023/02/15 12:0 a.m., 69 views

CVE-2020-19825

CVE-2020-19825 affects kevinpapst kimai2 1.30.0. The vulnerability is a Cross-Site Scripting (XSS) in /src/Twig/Runtime/MarkdownExtension.php that allows an attacker to gain escalated privileges. The root cause is malformed/insufficient escaping of user input in the MarkdownExtension processor, e...

CVSS: 9.6, AI score: 8.5, EPSS: 0.00697, Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2023/02/15 12:0 a.m., 6 views

CVE-2020-19825

Cross-Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php allows attackers to gain escalated privileges...

AI score: 8.5, EPSS: 0.00697, Exploits: 0, References: 2

Cvelist
added 2023/02/15 12:0 a.m., 19 views

CVE-2020-19825

Cross-Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php allows attackers to gain escalated privileges...

AI score: 8.7, EPSS: 0.00697, Exploits: 0, References: 2

Check Point Advisories
added 2020/11/23 12:0 a.m., 6 views

TOTOLINK Realtek SDK Routers Authentication Bypass (CVE-2019-19825)

An authentication bypass vulnerability exists in TOTOLINK Realtek SDK Routers. Successful exploitation of this vulnerability could allow a remote attacker to gain unauthorized access to the affected system...

CVSS: 7.5, AI score: 6.4, EPSS: 0.29557, Exploits: 3

Circl
added 2020/01/27 9:37 p.m., 141 views

CVE-2019-19825

creationtimestamp | type | source
---|---|---
2020-01-27 21:37:53+00:00 | seen | https://t.me/cveNotify/459
2024-11-24 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2024-11-24
2024-12-14 00:00:00+00:00 | exploited | The Shadowserver honeypot/exploited-vulnerabilities -...

CVSS: 9.8, AI score: 7.3, EPSS: 0.29557, In wild, Exploits: 3, References: 6

CVE
added 2020/01/27 4:50 p.m., 103 views

CVE-2019-19825

Summary of CVE-2019-19825 (Realtek SDK / TOTOLINK routers): Authenticated CAPTCHA bypass vulnerability affecting Realtek SDK-based routers (TOTOLINK and others) via a POST to boafrm/formLogin with payload {"topicurl":"setting/getSanvas"}. The CAPTCHA text can be retrieved without authentication, e...

CVSS: 9.8, AI score: 9.3, EPSS: 0.29557, In wild, Exploits: 3, References: 4, Affected Software: 1