
62 matches found

CNNVD
added 2026/05/04 12:0 a.m., 7 views

Yeapook WDR201A WiFi Extender OS Command Injection Vulnerability

The Yeapook WDR201A WiFi Extender is a wireless signal extension device from the Yeapook company. The Yeapook WDR201A WiFi Extender HW V2.1 version and FW LFMZX28040922V1.02 version have a vulnerability related to operating system command injection. This vulnerability stems from the sz11gChannel ...

CVSS 9.3, AI score 6.1, EPSS 0.01358
Exploits: 0, References: 4

EUVD
added 2026/02/25 10:58 p.m., 3 views

EUVD-2026-8763

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i...

CVSS 10, AI score 6.4, EPSS 0.00156
Exploits: 0, References: 4

Cvelist
added 2026/02/25 10:58 p.m., 22 views

CVE-2026-27613 CGI Parameter Injection (Bypass of STRICT_CGI_PARAMS and EscapeShellParam)

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i...

CVSS 10, EPSS 0.00156
Exploits: 0, References: 4

Vulnrichment
added 2026/01/12 6:23 p.m., 2 views

CVE-2026-22781 TinyWeb CGI Command Injection

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query parameters are passed as command-line arguments to the CGI executable via Windows CreateProcess. An...

CVSS 10, AI score 7.8, EPSS 0.0061
Exploits: 0, References: 3

RedhatCVE
added 2025/11/14 12:1 a.m., 1 views

CVE-2025-60689

An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers Firmware E1200_v2.0.11.001_us.tar.gz. The vulnerability occurs because user-supplied CGI parameters wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size are concatenated in...

CVSS 5.4, AI score 8.5, EPSS 0.00182
Exploits: 1, References: 1

RedhatCVE
added 2025/11/14 12:1 a.m., 2 views

CVE-2025-60693

A stack-based buffer overflow exists in the getmergemac function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function concatenates up to six user-supplied CGI parameters matching 05 into a fixed-size buffer a2 without proper bounds checking, appending...

CVSS 6.5, AI score 8.1, EPSS 0.02254
Exploits: 1, References: 1

OSV
added 2025/11/13 5:15 p.m., 1 views

CVE-2025-60694

A stack-based buffer overflow exists in the validatestaticroute function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function improperly concatenates user-supplied CGI parameters routeipaddr03, routenetmask03, routegateway03 into fixed-size buffers v6,...

CVSS 7.5, AI score 6.6, EPSS 0.02846
Exploits: 1, References: 3

OSV
added 2025/11/13 5:15 p.m., 2 views

CVE-2025-60690

A stack-based buffer overflow exists in the getmergeipaddr function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function concatenates up to four user-supplied CGI parameters matching 03 into a fixed-size buffer a2 without bounds checking. Remote attacke...

CVSS 8.8, AI score 6.6, EPSS 0.05608
Exploits: 3, References: 3

OSV
added 2025/11/13 4:15 p.m., 0 views

CVE-2025-60689

An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers Firmware E1200_v2.0.11.001_us.tar.gz. The vulnerability occurs because user-supplied CGI parameters wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size are concatenated in...

CVSS 5.4, AI score 6.2, EPSS 0.00182
Exploits: 1, References: 3

Positive Technologies
added 2025/11/13 12:0 a.m., 2 views

PT-2025-46858

Name of the Vulnerable Software and Affected Versions Linksys E1200 v2 routers versions prior to 2.0.11.001 us Description A flaw exists in the get merge ipaddr function within the httpd binary. This function does not properly validate the length of data when combining user-supplied CGI parameter...

CVSS 8.8, AI score 7.7, EPSS 0.05608
Exploits: 3, References: 7

Cvelist
added 2025/11/13 12:0 a.m., 5 views

CVE-2025-60690

A stack-based buffer overflow exists in the getmergeipaddr function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function concatenates up to four user-supplied CGI parameters matching 03 into a fixed-size buffer a2 without bounds checking. Remote attacke...

EPSS 0.05608
Exploits: 3, References: 4

CVE
added 2025/11/13 12:0 a.m., 7 views

CVE-2025-60689

CVE-2025-60689 affects Linksys E1200 v2 routers (firmware E1200_v2.0.11.001_us.tar.gz). The issue is an unauthenticated command-injection in the httpd Start_EPI function: user-supplied CGI parameters (wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size) are concatenated into system commands an...

CVSS 5.4, AI score 8.1, EPSS 0.00182
Exploits: 1, References: 3, Affected Software: 1

Positive Technologies
added 2025/11/13 12:0 a.m., 2 views

PT-2025-46880

Name of the Vulnerable Software and Affected Versions Linksys E1200 v2 routers version E1200 v2.0.11.001 us.tar.gz Description A stack-based buffer overflow exists in the get merge mac function of the httpd binary. The function concatenates up to six user-supplied CGI parameters matching paramete...

CVSS 6.5, AI score 8, EPSS 0.02254
Exploits: 1, References: 5

Cvelist
added 2025/11/13 12:0 a.m., 4 views

CVE-2025-60689

An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers Firmware E1200_v2.0.11.001_us.tar.gz. The vulnerability occurs because user-supplied CGI parameters wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size are concatenated in...

EPSS 0.00182
Exploits: 1, References: 3

Positive Technologies
added 2025/11/13 12:0 a.m., 3 views

PT-2025-46857

An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers Firmware E1200_v2.0.11.001_us.tar.gz. The vulnerability occurs because user-supplied CGI parameters wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size are...

AI score 8.5, EPSS 0.00182
Exploits: 1, References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-1451

Malware in sbrugna...

CVSS 7.2, AI score 7, EPSS 0.02037
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2018-10900

Malware in sbrugna...

CVSS 5.4, AI score 5.5, EPSS 0.01753
Exploits: 2, References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-1649

Malware in sbrugna...

CVSS 4.3, AI score 6, EPSS 0.00869
Exploits: 0, References: 17

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2005-3354

Malware in sbrugna...

CVSS 6.4, AI score 6.1, EPSS 0.00678
Exploits: 0, References: 12

RedhatCVE
added 2025/05/23 6:39 a.m., 2 views

CVE-2024-33439

An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters...

CVSS 9.1, AI score 7.8, EPSS 0.01131
Exploits: 0, References: 1