Lucene search
K

417 matches found

Snyk
Snyk
added 2026/05/18 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/11 6:31 p.m.6 views

GHSA-HR4R-FWPV-C95J pgAdmin 4 File Manager has symbolic-link path traversal

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.11 views

pgAdmin 4 File Manager has symbolic-link path traversal

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/11 4:17 p.m.20 views

CVE-2026-7819

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

8.1CVSS0.00359EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 2:35 p.m.7 views

CVE-2026-7819

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References2
OSV
OSV
added 2026/03/16 8:41 p.m.6 views

GHSA-VR7J-G7JV-H5MP OpenClaw session transcript files were created without forced user-only permissions

openclaw created new session transcript JSONL files with overly broad default permissions in affected releases. On multi-user hosts, other local users or processes could read transcript contents, including secrets that might appear in tool output. Affected Packages / Versions - Package: openclaw...

5.7CVSS5.8AI score0.0012EPSS
Exploits0References5
CNVD
CNVD
added 2026/02/11 12:0 a.m.3 views

D-Link DIR-600 Command Injection Vulnerability

The D-Link DIR-600 is a wireless router from China's AUO D-Link. A command injection vulnerability exists in D-Link DIR-600 2.15WWb02 and earlier versions, which stems from the failure to properly filter constructed command special characters, commands, etc. in the parameter...

7.2CVSS5.9AI score0.0568EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/09 7:23 p.m.5 views

CVE-2026-2163

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command injection. The attack may be launched remotely. The exploit is publicly availabl...

7.2CVSS5.5AI score0.0568EPSS
Exploits1References1
OSV
OSV
added 2026/02/08 5:15 p.m.6 views

CVE-2026-2163

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command injection. The attack may be launched remotely. The exploit is publicly availabl...

7.2CVSS5.7AI score0.0568EPSS
Exploits1References6
NVD
NVD
added 2026/02/08 5:15 p.m.12 views

CVE-2026-2163

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command injection. The attack may be launched remotely. The exploit is publicly availabl...

7.2CVSS0.0568EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/02/08 4:32 p.m.34 views

CVE-2026-2163 D-Link DIR-600 ssdp.cgi command injection

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command injection. The attack may be launched remotely. The exploit is publicly availabl...

5.8CVSS0.0568EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/02/08 4:32 p.m.10 views

CVE-2026-2163

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command injection. The attack may be launched remotely. The exploit is publicly availabl...

5.8CVSS5.1AI score0.0568EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2026/02/08 4:32 p.m.7 views

EUVD-2026-5786

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command injection. The attack may be launched remotely. The exploit is publicly availabl...

7.2CVSS5AI score0.0568EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.14 views

PT-2026-6994

Name of the Vulnerable Software and Affected Versions D-Link DIR-600 versions prior to 2.15WWb02 Description A flaw exists in D-Link DIR-600 firmware up to version 2.15WWb02 related to the ssdp.cgi file. Manipulation of the HTTP ST/REMOTE ADDR/REMOTE PORT/SERVER ID argument can lead to command...

5.8CVSS5.5AI score0.0568EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.10 views

D-Link DIR-600 命令注入漏洞

The D-Link DIR-600 is a wireless router from China's AUO D-Link. A command injection vulnerability exists in D-Link DIR-600 2.15WWb02 and earlier versions, which stems from the failure to properly filter constructed command special characters, commands, etc. in the parameter...

7.2CVSS6AI score0.0568EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.4 views

CVE-2025-15505

A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wireless Profile SSID results in cross site scripting. The attack may be launched remotely. The exploit...

4.8CVSS5.3AI score0.00206EPSS
Exploits0References1
NVD
NVD
added 2026/01/11 2:15 a.m.4 views

CVE-2025-15505

A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wireless Profile SSID results in cross site scripting. The attack may be launched remotely. The exploit...

4.8CVSS0.00206EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/11 1:32 a.m.26 views

CVE-2025-15505 Luxul XWR-600 Web Administration cross site scripting

A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wireless Profile SSID results in cross site scripting. The attack may be launched remotely. The exploit...

4.8CVSS0.00206EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/11 1:32 a.m.4 views

CVE-2025-15505 Luxul XWR-600 Web Administration cross site scripting

A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wireless Profile SSID results in cross site scripting. The attack may be launched remotely. The exploit...

4.8CVSS5.2AI score0.00206EPSS
Exploits0References4
CVE
CVE
added 2026/01/11 1:32 a.m.14 views

CVE-2025-15505

Luxul XWR-600 Web Administration Interface is affected by a cross-site scripting vulnerability, tracked as CVE-2025-15505, impacting versions up to 4.0.1. The flaw arises from manipulating the Guest Network/Wireless Profile SSID argument, enabling remote exploitation. Multiple sources confirm pub...

4.8CVSS3.2AI score0.00206EPSS
Exploits0References4
Rows per page
Query Builder