CVE-2026-30874

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

CVE-2026-32721

LuCI (OpenWrt configuration interface) is affected by a stored XSS in the wireless scan modal within luci-mod-network. The vulnerability arises because SSIDs from scan results are rendered as raw HTML via innerHTML in wireless.js when passed to dom.append(), allowing a malicious SSID to execute a...

EUVD-2026-13378

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

CVE-2026-30874 OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Leads to Privilege Escalation

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

CVE-2026-30874

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

CVE-2026-30872

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the matchipv6addresses function, triggered when processing PTR queries for IPv6 reverse DNS domains .ip6.arpa receiv...

CVE-2026-30873 OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jpgettoken function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

CVE-2026-30873 OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jpgettoken function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

CVE-2026-30872 OpenWrt Project has a Stack-based Buffer Overflow vulnerability via IPv6 reverse DNS lookup

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the matchipv6addresses function, triggered when processing PTR queries for IPv6 reverse DNS domains .ip6.arpa receiv...

EUVD-2026-13247

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parsequestion function. The issue is triggered by PTR queries for reverse DNS domains .in-addr.arpa and .ip6.arp...

PT-2026-26382

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp get token function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

OpenWrt 安全漏洞

OpenWrt is an open-source Linux operating system designed for embedded devices. Versions prior to OpenWrt 24.10.6 and 25.12.1 contained security vulnerabilities. These vulnerabilities were caused by a stack buffer overflow in the matchipv6addresses function of the mdns daemon, which could lead to...

OpenWrt 安全漏洞

OpenWrt is an open-source Linux operating system designed for embedded devices. Versions of OpenWrt prior to 24.10.6 contained security vulnerabilities. These vulnerabilities were caused by a bypass of environment variable filtering in the hotplugcall function, which could lead to privilege...

PT-2026-26380

Name of the Vulnerable Software and Affected Versions OpenWrt Project versions prior to 24.10.6 and versions prior to 25.12.1 Description The OpenWrt Project, a Linux operating system for embedded devices, is affected by a Stack-based Buffer Overflow in the mdns daemon. The issue resides within t...

PT-2026-26381

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the match ipv6 addresses function, triggered when processing PTR queries for IPv6 reverse DNS domains .ip6.arpa...

OpenWrt 安全漏洞

OpenWrt is an open-source Linux operating system designed for embedded devices. Versions prior to OpenWrt 24.10.6 and 25.12.1 contained security vulnerabilities. These vulnerabilities were caused by a stack buffer overflow in the parsequestion function of the mdns daemon, which could lead to remo...

CVE-2025-8432 CentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRON

Incorrect Default Permissions vulnerability in Centreon Infra Monitoring MBI modules allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15...

PT-2025-43928

Name of the Vulnerable Software and Affected Versions Centreon Infra Monitoring versions 23.10.0 through 23.10.15 Centreon Infra Monitoring versions 24.04.0 through 24.04.9 Centreon Infra Monitoring versions 24.10.0 through 24.10.6 Description A flaw exists in Centreon Infra Monitoring MBI module...

Centreon 安全漏洞

Centreon is a set of open source system monitoring tools from the French company Centreon . The product provides monitoring capabilities for network, system and application resources. A security vulnerability exists in Centreon that stems from improperly set default permissions, which could lead ...