Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

51 matches found

RedhatCVE
RedhatCVEadded 2025/12/30 1:2 a.m.2 views

CVE-2025-68706

A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf to copy the user-supplied pincode parameter into a fixed 132-byte stack buffer with no bounds checks. This allows an attack...

9.8CVSS7.8AI score0.00185EPSS
Exploits0References1
EUVD
EUVDadded 2025/12/29 9:30 p.m.2 views

EUVD-2025-205631

A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf to copy the user-supplied pincode parameter into a fixed 132-byte stack buffer with no bounds checks. This allows an attack...

7.6AI score0.00185EPSS
Exploits0References5
OSV
OSVadded 2025/12/29 7:15 p.m.0 views

CVE-2025-68706

A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf to copy the user-supplied pincode parameter into a fixed 132-byte stack buffer with no bounds checks. This allows an attack...

9.8CVSS6.4AI score0.00185EPSS
Exploits0References4
NVD
NVDadded 2025/12/29 7:15 p.m.1 views

CVE-2025-68706

A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf to copy the user-supplied pincode parameter into a fixed 132-byte stack buffer with no bounds checks. This allows an attack...

9.8CVSS0.00185EPSS
Exploits0References4
CVE
CVEadded 2025/12/29 12:0 a.m.8 views

CVE-2025-68706

CVE-2025-68706 affects KuWFi 4G LTE AC900 devices running firmware 1.0.13, in the GoAhead-Webs HTTP daemon. The vulnerability is in the /goform/formMultiApnSetting handler, which copies the user-provided pincode into a fixed 132-byte stack buffer using sprintf() without bounds checking. This stac...

9.8CVSS7.8AI score0.00185EPSS
Exploits0References4Affected Software1
CNNVD
CNNVDadded 2025/12/29 12:0 a.m.1 views

KuWFi 4G LTE AC900 安全漏洞

KuWFi 4G LTE AC900 is a WiFi router from KuWFi China. A security vulnerability exists in KuWFi 4G LTE AC900 version 1.0.13, which stems from a lack of bounds checking leading to a stack buffer overflow that could result in a crash or execution of arbitrary code...

9.8CVSS6.2AI score0.00185EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2025/12/29 12:0 a.m.1 views

CVE-2025-68706

A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf to copy the user-supplied pincode parameter into a fixed 132-byte stack buffer with no bounds checks. This allows an attack...

7.8AI score0.00185EPSS
Exploits0References4
Cvelist
Cvelistadded 2025/12/29 12:0 a.m.18 views

CVE-2025-68706

A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf to copy the user-supplied pincode parameter into a fixed 132-byte stack buffer with no bounds checks. This allows an attack...

0.00185EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2025/12/29 12:0 a.m.3 views

PT-2025-53779

Name of the Vulnerable Software and Affected Versions GoAhead-Webs on KuWFi 4G LTE AC900 version 1.0.13 Description A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon. The /goform/formMultiApnSetting handler uses sprintf to copy the pincode parameter, supplied by the user, into ...

8AI score0.00185EPSS
Exploits0References7
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2025-24638

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00107EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2024-54881

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00503EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2024-54880

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.0008EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2025-24639

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00134EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2025/08/16 12:16 a.m.4 views

CVE-2025-43984

An issue was discovered on KuWFi GC111 devices Hardware Version: CPE-LM321V3.2, Software Version: GC111-GL-LM321V3.020191211. They are vulnerable to unauthenticated /goform/goformsetcmdprocess requests. A crafted POST request, using the SSID parameter, allows remote attackers to execute arbitrary...

9.8CVSS8.5AI score0.00885EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/08/16 12:16 a.m.3 views

CVE-2024-53946

The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery CSRF on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection vulnerability in...

8.8CVSS7.6AI score0.0008EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/08/16 12:16 a.m.4 views

CVE-2024-53945

The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS commands with root privileges via shell metacharacters in parameters such as pincode and cmds...

8.8CVSS8.4AI score0.00503EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/08/15 12:30 a.m.4 views

CVE-2025-43986

An issue was discovered on KuWFi GC111 GC111-GL-LM321V3.020191211 devices. The TELNET service is enabled by default and exposed over the WAN interface without authentication...

9.8CVSS7.3AI score0.00134EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/08/15 12:30 a.m.6 views

CVE-2025-43988

KuWFi 5G01-X55 FL2020V0.0.12 devices expose an unauthenticated API endpoint ajaxget.cgi, allowing remote attackers to retrieve sensitive configuration data, including admin credentials...

7.5CVSS7.5AI score0.00107EPSS
Exploits0References1
NVD
NVDadded 2025/08/14 3:15 p.m.4 views

CVE-2025-43983

KuWFi CPF908-CP5 WEB5.0LCD20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goformsetcmdprocess and goform/goformgetcmdprocess. These allow an unauthenticated attacker to retrieve sensitive information including the device admin username and password,...

9.1CVSS0.00209EPSS
Exploits0References3
NVD
NVDadded 2025/08/14 2:15 p.m.3 views

CVE-2025-43984

An issue was discovered on KuWFi GC111 devices Hardware Version: CPE-LM321V3.2, Software Version: GC111-GL-LM321V3.020191211. They are vulnerable to unauthenticated /goform/goformsetcmdprocess requests. A crafted POST request, using the SSID parameter, allows remote attackers to execute arbitrary...

9.8CVSS0.00885EPSS
Exploits0References4
Rows per page
Query Builder