CVE-2025-8820
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function wirelessBasic of the file /goform/wirelessBasic. The manipulation of the argument submitSSID1 leads to stack-based buffer overflow. The attack can be...
CVE-2025-8821
CVE-2025-8821 affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 series. Root cause: manipulation of the bssid argument in RP_setBasic (/goform/RP_setBasic) enables OS command injection. Vulnerable versions are listed up to 20250801. Exploitation may be initiated remotely; the exploit has ...
Catalyst::Authentication::Credential::HTTP security vulnerability
Catalyst::Authentication::Credential::HTTP is a Catalyst open source HTTP basic and digest authentication library. A security vulnerability exists in Catalyst::Authentication::Credential::HTTP version 1.018 and earlier that stems from the use of a source that is not cryptographically strong to generate a nonce...
Linksys multiple products command injection vulnerability
The Linksys RE6250, among others, is a wireless extender from Linksys USA. A command injection vulnerability exists in various Linksys products. The vulnerability stems from improper manipulation of the bssid parameter in the RPsetBasic function, which may result in OS command injection. The...
Linksys multiple products command injection vulnerability
The Linksys RE6250, among others, is a wireless extender from Linksys USA. A command injection vulnerability exists in various Linksys products. The vulnerability stems from improper manipulation of the staticIp and staticNetmask parameters by the RPsetBasicAuto function, which may result in OS...
PT-2025-32524 · Jcg · Jcg Link-Net Lw-N915R
Name of the Vulnerable Software and Affected Versions: JCG Link-net LW-N915R version 17s.20.001.908 Description: A vulnerability exists in the Wireless Basic Settings Page component of JCG Link-net LW-N915R version 17s.20.001.908. Manipulation of the Network Name argument in the /wireless/basic.a...
CVE-2025-8820 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 wirelessBasic stack-based overflow
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function wirelessBasic of the file /goform/wirelessBasic. The manipulation of the argument submitSSID1 leads to stack-based buffer overflow. The attack can be...
CVE-2025-8765
A vulnerability classified as problematic was found in Datacom DM955 5GT 1200 825.8010.00. Affected by this vulnerability is an unknown functionality of the component Wireless Basic Settings. The manipulation of the argument SSID leads to cross site scripting. The attack can be launched remotely...
CVE-2025-8765 Datacom DM955 5GT 1200 Wireless Basic Settings cross site scripting
A vulnerability classified as problematic was found in Datacom DM955 5GT 1200 825.8010.00. Affected by this vulnerability is an unknown functionality of the component Wireless Basic Settings. The manipulation of the argument SSID leads to cross site scripting. The attack can be launched remotely...
CVE-2025-8765
CVE-2025-8765 affects Datacom DM955 5GT 1200 (825.8010.00) and is due to manipulation of the SSID parameter in Wireless Basic Settings, enabling reflected cross-site scripting. The vulnerability is exploitable remotely and exploitation has been disclosed publicly. Impact is limited to confidentia...
CVE-2012-10024
XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw ...
Linux Distros Unpatched Vulnerability : CVE-2025-8031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The username:password part was not correctly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials. This vulnerability was...
PT-2025-32504 · Linksys · Linksys Re9000 +5
Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 versions up to 20250801 Description: A stack-based buffer overflow vulnerability exists in the um rp autochannel function within the /goform/RP setBasicAuto file of affected Linksys...
PT-2025-32515 · Linksys · Linksys Re9000 +5
Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders due to a flaw in the um inspect cross band function within the /goform/RP setBasicAuto file...
PT-2025-32497 · Linksys · Linksys Re9000 +5
Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists due to a stack-based buffer overflow in the wirelessBasic function within the /goform/wirelessBasic file. The vulnerability ...
firefox: thunderbird: Incorrect URL stripping in CSP reports
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...
MAL-2025-191689 Malicious code in backtradingbot (PyPI)
Source: kam193 117c24f5b7a0f5e4921e4478231a717ecca01748a5b266d8984e619f06173984 Running the installed entry point downloads and executes remote code. During the analysis, the code was switching to websockets, adding a startup script and...
Malicious code in deno-r4-basic (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6713 Malicious code in deno-r4-basic (npm)
The package communicates with a domain associated with malicious activity...