Lucene search
K

405 matches found

Fedora
Fedora
added 2026/03/25 1:39 a.m.6 views

[SECURITY] Fedora 43 Update: python-multipart-1.3.1-1.fc43

This module provides a fast incremental non-blocking parser for multipart/form-data HTML5, RFC7578, as well as blocking alternatives for easier use in WSGI or CGI applications...

7.5CVSS5.9AI score0.00699EPSS
Exploits0
EUVD
EUVD
added 2026/03/20 9:32 a.m.5 views

EUVD-2026-13598

A vulnerability was found in Yi Technology YI Home Camera 2 2.1.120171024151200. The impacted element is an unknown function of the file home/web/ipc of the component CGI Endpoint. Performing a manipulation results in missing authentication. Access to the local network is required for this attack...

6.3CVSS6AI score0.00316EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/03/17 12:0 a.m.7 views

Terrapack Arbitrary File Upload

Terrapack software suffers from an arbitrary file upload vulnerability that may allow attackers to execute arbitrary code. Affected software includes Terrapack TkWebCoreNG version 1.0.20200914, TKServerCGI version 2.5.4.150, and TpkWebGIS - Client version 1.0.0...

6AI score0.00384EPSS
Exploits0
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2026-12275

A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function...

6.5CVSS5.6AI score0.03831EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.6 views

PT-2026-25589

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function cgi create...

6.5CVSS5.5AI score0.04088EPSS
Exploits1References15
NVD
NVD
added 2026/03/06 4:16 a.m.10 views

CVE-2026-29046

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...

9.2CVSS0.00387EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.12 views

TinyWeb 安全漏洞

TinyWeb is a simple and lightweight HTTP server developed by Konstantin Belyalov. Versions of TinyWeb prior to 2.04 contained security vulnerabilities. These vulnerabilities stemmed from the parser not strictly rejecting dangerous control characters in header lines and header values, which could...

9.2CVSS6AI score0.00387EPSS
Exploits1References2
Huntr
Huntr
added 2026/02/25 2:50 a.m.12 views

Gateway API Authorization Bypass: Any Authenticated User Can Enumerate Secrets, Endpoints, and Model Definitions

This report is not public...

6.5CVSS6.6AI score0.00244EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/02/16 6:57 p.m.4 views

tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...

7.3CVSS5.7AI score0.02736EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/02/16 6:55 p.m.4 views

tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...

7.3CVSS5.7AI score0.02736EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/16 4:32 p.m.4 views

CVE-2026-2565

A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument timezone causes stack-based buffer overflow. The attack can be initiated remotely. The attack is considered to have high...

7.5CVSS6AI score0.00751EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/02/09 8:15 p.m.6 views

CVE-2026-25480

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an unauthenticated remo...

6.5CVSS0.00412EPSS
Exploits1References4
NVD
NVD
added 2026/02/09 8:16 a.m.12 views

CVE-2026-22905

An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences e.g., /js/../cgi-bin/post.cgi, gaining unauthorized access to protected CGI endpoints and configuration downloads...

7.5CVSS0.00619EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.9 views

PT-2026-7083

An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences e.g., /js/../cgi-bin/post.cgi, gaining unauthorized access to protected CGI endpoints and configuration downloads...

7.5CVSS5.6AI score0.00619EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.8 views

PPC 2K05X 安全漏洞

The PPC 2K05X is an industrial router produced by the American company PPC. The PPC 2K05X v1.1.9206L version contains a security vulnerability. This vulnerability stems from improper handling of user input by the Universal Gateway Interface component, which may lead to storage-based cross-site...

6.1CVSS5.6AI score0.00306EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/04 12:0 a.m.4 views

EUVD-2025-206812

A stored cross-site scripting XSS vulnerability exists in the web management interface of the PPC Belden ONT 2K05X router running firmware v1.1.9206L. The Common Gateway Interface CGI component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary...

6.1CVSS5.2AI score0.00306EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/03 2:0 p.m.4 views

CVE-2025-14550

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. ASGIRequest allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not...

7.5CVSS7.1AI score0.00993EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.9 views

TOTOLINK A7000R Command Injection Vulnerability

TOTOLINK A7000R is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A7000R version 4.1cu.4154 contains a command injection vulnerability. This vulnerability arises from incorrect handling of the parameter FileName in the file /cgi-bin/cstecgi.cgi, which may lead to command...

6.5CVSS6.6AI score0.0218EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/20 2:20 p.m.4 views

CVE-2026-1156

A vulnerability was determined in Totolink LR350 9.3.5u.6369B20220309. Affected by this issue is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

9CVSS8.4AI score0.00619EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Apache HTTP Server vulnerabilities (USN-7968-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7968-1 advisory. It was discovered that the Apache HTTP Server incorrectly handled failed ACME certificate renewals. This could result in renewal...

8.3CVSS7.8AI score0.01527EPSS
Exploits0References5
Rows per page
Query Builder