CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/01/30 1:0 a.m.•68 views

CVE-2025-0848

The CVE-2025-0848 entry concerns the Tenda A18 router (versions up to 15.13.07.09) with a vulnerability in the HTTP POST handler function SetCmdlineRun. The root cause is a stack-based buffer overflow triggered by manipulating the wpapsk_crypto5g argument, which can be exploited remotely. Public ...

9.8CVSS6.7AI score0.01019EPSS

Exploits1References5Affected Software1

Positive Technologies•added 2025/01/27 12:0 a.m.•5 views

PT-2025-2603 · Zyxel · Zyxel Vmg4325-B10A

Name of the Vulnerable Software and Affected Versions: Zyxel VMG4325-B10A firmware version 1.00AAFR.4C0 20170615 Description: A post-authentication command injection issue in the CGI program could allow an authenticated attacker to execute operating system commands on an affected device by sendin...

10CVSS9.8AI score0.19406EPSS

Exploits0References28

CNVD•added 2025/01/17 12:0 a.m.•5 views

D-Link DIR-878 Information Disclosure Vulnerability

The D-Link DIR-878 is a wireless router from China's AUO D-Link. An information disclosure vulnerability exists in the D-Link DIR-878 version 1.03, which stems from insufficient protection of sensitive information in the component HTTP POST request handler, and can be exploited by an attacker to...

7.5CVSS6.1AI score0.01386EPSS

Exploits0References1

OSV•added 2025/01/15 7:15 p.m.•1 views

CVE-2025-0481

A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS5AI score0.01386EPSS

NVD•added 2025/01/15 7:15 p.m.•21 views

CVE-2025-0481

7.5CVSS0.01386EPSS

Cvelist•added 2025/01/15 7:0 p.m.•19 views

CVE-2025-0481 D-Link DIR-878 HTTP POST Request dllog.cgi information disclosure

6.9CVSS0.01386EPSS

Vulnrichment•added 2025/01/15 7:0 p.m.•14 views

CVE-2025-0481 D-Link DIR-878 HTTP POST Request dllog.cgi information disclosure

6.9CVSS6.8AI score0.01386EPSS

CVE•added 2025/01/15 7:0 p.m.•63 views

CVE-2025-0481

CVE-2025-0481 affects D-Link DIR-878 (firmware 1.03). The issue is in an unknown function of the /dllog.cgi HTTP POST Request Handler, leading to information disclosure. It can be exploited remotely, and multiple sources describe public exploits or disclosures. The provided connected documents co...

7.5CVSS5.2AI score0.01386EPSS

Exploits0References5Affected Software1

CNNVD•added 2025/01/15 12:0 a.m.•3 views

D-Link DIR-878 安全漏洞

7.5CVSS5.1AI score0.01386EPSS

Exploits0References1

Positive Technologies•added 2025/01/15 12:0 a.m.•5 views

PT-2025-1265 · D Link · D-Link Dir-878

Name of the Vulnerable Software and Affected Versions: D-Link DIR-878 version 1.03 Description: A vulnerability has been found in the D-Link DIR-878, affecting an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. This issue leads to information disclosure and can...

7.5CVSS5.3AI score0.01386EPSS

Exploits0References12

NVD•added 2025/01/09 5:15 a.m.•10 views

CVE-2025-0331

A vulnerability, which was classified as critical, has been found in YunzMall up to 2.4.2. This issue affects the function changePwd of the file /app/platform/controllers/ResetpwdController.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to weak password...

6.9CVSS0.00523EPSS

NVD•added 2025/01/09 5:15 a.m.•10 views

CVE-2025-0328

A vulnerability, which was classified as critical, has been found in KaiYuanTong ECT Platform up to 2.0.0. Affected by this issue is some unknown functionality of the file /public/server/runCode.php of the component HTTP POST Request Handler. The manipulation of the argument code leads to command...

7.5CVSS0.02176EPSS

Vulnrichment•added 2025/01/09 4:31 a.m.•5 views

CVE-2025-0331 YunzMall HTTP POST Request ResetpwdController.php changePwd password recovery

6.9CVSS6.6AI score0.00523EPSS

Cvelist•added 2025/01/09 4:31 a.m.•16 views

CVE-2025-0331 YunzMall HTTP POST Request ResetpwdController.php changePwd password recovery

6.9CVSS0.00523EPSS

CVE•added 2025/01/09 4:31 a.m.•51 views

CVE-2025-0331

CVE-2025-0331 affects YunzMall up to 2.4.2, in the HTTP POST handler function changePwd of /app/platform/controllers/ResetpwdController.php. The root cause is manipulation of the pwd parameter, enabling weak password recovery. The attack can be remote and exploits have been disclosed publicly; th...

6.9CVSS5.5AI score0.00523EPSS

CVE•added 2025/01/09 4:31 a.m.•56 views

CVE-2025-0328

KaiYuanTong ECT Platform up to 2.0.0 is affected in the HTTP POST Request Handler, specifically /public/server/runCode.php. The vulnerability stems from improper handling of the code argument, enabling command injection. Exploitation can be remote, and public proof-of-concept/ exploits are disclo...

7.5CVSS7.7AI score0.02176EPSS

OSV•added 2025/01/09 3:15 a.m.•1 views

CVE-2024-13200

A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access...

7.5CVSS5.5AI score0.00471EPSS

Cvelist•added 2025/01/09 1:0 a.m.•11 views

CVE-2024-13200 wander-chu SpringBoot-Blog HTTP POST Request BaseInterceptor.java preHandle access control

7.5CVSS0.00471EPSS

Vulnrichment•added 2025/01/09 1:0 a.m.•4 views

CVE-2024-13200 wander-chu SpringBoot-Blog HTTP POST Request BaseInterceptor.java preHandle access control

7.5CVSS6.8AI score0.00471EPSS