CVE-2020-37125

Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection payloads to download a...

EUVD-2025-37125

Malicious code in epic-node-cms npm...

CVE-2025-37125

creationtimestamp| type| source ---|---|--- 2025-09-16 22:43:37+00:00| seen| Telegram/ib08fXgLB-s8xfZK3DZUlki0FIrle2sZcWYCSsq4mNc243A...

CVE-2025-37125

CVE-2025-37125 affects HPE Aruba Networking EdgeConnect OS (ECOS). The issue is described as a broken access control that could allow bypassing firewall protections and improper handling of unauthorized traffic. Connected sources corroborate ECOS involvement and reference public advisories; some ...

MAL-2025-37125 Malicious code in tpwjgfirhlekodkb (npm)

The package tpwjgfirhlekodkb was found to contain malicious code...

CVE-2022-37125

D-link DIR-816 A2v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost...

CVE-2024-37125

creationtimestamp| type| source ---|---|--- 2024-09-26 19:40:37+00:00| seen| https://t.me/cvedetector/6432...

CVE-2023-37125

creationtimestamp| type| source ---|---|--- 2023-07-06 18:20:37+00:00| seen| https://t.me/cibsecurity/66093...

CVE-2023-37125

A stored cross-site scripting XSS vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2023-37125

A stored cross-site scripting XSS vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2023-37125

CVE-2023-37125 affects SEACMS v12.1, with a stored XSS in the Management Custom label module allowing crafted payloads to execute arbitrary client-side scripts. CVSSv3.1 base score 5.4 (Medium) with UI:R, Privileges: LOW, Attack Vector: Network. Connected sources confirm the affected component an...

CVE-2023-37125

A stored cross-site scripting XSS vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

D-Link DIR816L Command Injection (CVE-2022-28915; CVE-2022-28958; CVE-2022-37123; CVE-2022-37125; CVE-2022-37129)

A command injection vulnerability exists in D-Link DIR816L. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVE-2022-37125

creationtimestamp| type| source ---|---|--- 2022-09-01 02:37:14+00:00| seen| https://t.me/cibsecurity/49151...

CVE-2022-37125

CVE-2022-37125 affects D-Link DIR-816 A2, specifically the /goform/NTPSyncWithHost endpoint. The connected documents consistently indicate a command injection vulnerability in the DIR-816 A2_v1.10CNB04.img, enabling arbitrary command execution via that API. The CVE entry lists a high/critical imp...

CVE-2021-37125

The connected documents confirm CVE-2021-37125 relates to Huawei HarmonyOS. The vulnerability is an information-disclosure issue caused by insufficient input validation in a HarmonyOS component, leading to unauthorized access to sensitive data and compromising confidentiality. No exploit details ...

CVE-2021-37125

Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause confidentiality is affected...