Lucene search
+L

1405 matches found

nuclei
nuclei
added yesterday93 views

Telesquare TLR-2855KS6 - Arbitrary File Creation

An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts. id: CVE-2021-46418 info: name: Telesquare TLR-2855KS6 - Arbitrary File Creation author: DhiyaneshDK severity: high description: | An unauthorized file creation vulnerability in...

7.5CVSS7AI score0.23945EPSS
Exploits4References3
nuclei
nuclei
added yesterday216 views

Lighttpd 1.4.34 SQL Injection and Path Traversal

A SQL injection vulnerability in modmysqlvhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name related to requestcheckhostname. id: CVE-2014-2323 info: name: Lighttpd 1.4.34 SQL Injection and Path Traversal author: geeknik severity: critical...

9.8CVSS7.1AI score0.61665EPSS
Exploits2References5
cve
cve
added 3 days ago9 views

CVE-2026-15701

CVE-2026-15701 affects Totolink NR1800X (firmware 9.1.0u.6279_B20210910) where the vulnerable component is lighttpd’s Form_Logout function in /formLogout.htm. The issue arises from manipulating the Host argument, triggering a stack-based buffer overflow. The vulnerability is exploitable remotely,...

10CVSS7.4AI score0.00785EPSS
Exploits0References6
cvelist
cvelist
added 3 days ago30 views

CVE-2026-15701 Totolink NR1800X lighttpd formLogout.htm Form_Logout stack-based overflow

A weakness has been identified in Totolink NR1800X 9.1.0u.6279B20210910. Affected by this issue is the function FormLogout of the file /formLogout.htm of the component lighttpd. This manipulation of the argument Host causes stack-based buffer overflow. The attack is possible to be carried out...

10CVSS0.00785EPSS
Exploits0References6
fedora
fedora
added 2026/06/27 1:12 a.m.19 views

[SECURITY] Fedora 44 Update: lighttpd-1.4.84-1.fc44

lighttpd pronounced /lighty/ is a secure, fast, compliant, and very flexible web server that has been optimized for high-performance environments. lighttpd uses memory and CPU efficiently and has lower resource use than other popular web servers. Its advanced feature-set FastCGI, CGI, Auth,...

5.7AI score
Exploits0
fedora
fedora
added 2026/06/27 12:56 a.m.19 views

[SECURITY] Fedora 43 Update: lighttpd-1.4.84-1.fc43

lighttpd pronounced /lighty/ is a secure, fast, compliant, and very flexible web server that has been optimized for high-performance environments. lighttpd uses memory and CPU efficiently and has lower resource use than other popular web servers. Its advanced feature-set FastCGI, CGI, Auth,...

5.7AI score
Exploits0
nessus
nessus
added 2026/05/22 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: lighttpd (UTSA-2026-016637)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016637 advisory. In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes representing -1, as...

5.9CVSS6.6AI score0.08969EPSS
Exploits1References4
redhatcve
redhatcve
added 2026/05/02 2:47 a.m.7 views

CVE-2026-7546

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. The impacted element is the function findhostip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been...

10CVSS6.3AI score0.00754EPSS
Exploits0References1
nvd
nvd
added 2026/05/01 3:16 a.m.5 views

CVE-2026-7546

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. The impacted element is the function findhostip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been...

10CVSS0.00754EPSS
Exploits0References5
euvd
euvd
added 2026/05/01 2:15 a.m.6 views

EUVD-2026-26473

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. The impacted element is the function findhostip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been...

10CVSS9.4AI score0.00754EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/05/01 2:15 a.m.5 views

CVE-2026-7546 Totolink NR1800X lighttpd find_host_ip stack-based overflow

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. The impacted element is the function findhostip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been...

10CVSS7.8AI score0.00754EPSS
Exploits0References5
cve
cve
added 2026/05/01 2:15 a.m.15 views

CVE-2026-7546

Totolink NR1800X firmware 9.1.0u.6279_B20210910 contains a stack-based overflow in lighttpd’s find_host_ip when Host is manipulated. This remote vulnerability has a publicly disclosed exploit. No remediation details are provided in the supplied documents.

10CVSS9.4AI score0.00754EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/05/01 2:15 a.m.4 views

CVE-2026-7546

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. The impacted element is the function findhostip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been...

10CVSS6.1AI score0.00754EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2026/05/01 2:15 a.m.51 views

CVE-2026-7546 Totolink NR1800X lighttpd find_host_ip stack-based overflow

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. The impacted element is the function findhostip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been...

10CVSS0.00754EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/05/01 12:0 a.m.10 views

TOTOLINK NR1800X 缓冲区错误漏洞

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE device from TOTOLINK Corporation. It aims to provide fast and convenient NR fixed data service deployment for homes and offices. The TOTOLINK NR1800X version 9.1.0u.6279B20210910 contains a buffer error vulnerability. This...

10CVSS7.7AI score0.00754EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/01 12:0 a.m.14 views

PT-2026-36293

Name of the Vulnerable Software and Affected Versions Totolink NR1800X version 9.1.0u.6279 B20210910 Description A stack-based buffer overflow exists in the lighttpd component. This issue occurs when the find host ip function improperly handles the Host argument, allowing a remote attacker to...

10CVSS7.7AI score0.00754EPSS
Exploits0References17
nvd
nvd
added 2026/02/24 3:21 p.m.7 views

CVE-2025-67445

TOTOLINK X5000R V9.1.0cu.2415B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENTLENGTH environment variable and allocates memory using malloc CONTENTLENGTH + 1 without sufficient bounds checking. When lighttpd s request size limit is not enforce...

7.5CVSS0.00332EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/02/24 1:44 a.m.6 views

CVE-2025-70329

TOTOLink X5000R v9.1.0cu2415B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 and other vlanVidLanX parameters are retrieved via UciGetStr and passed to the CsteSystem function without adequate validation or...

8CVSS6AI score0.03183EPSS
Exploits1References1
packetstorm
packetstorm
added 2026/02/24 12:0 a.m.145 views

📄 Tattile Cameras 1.181.5 Default Credentials

Tattile Cameras version 1.181.5 ship with default credentials that remain active after installation and commissioning without enforcing a mandatory password change. Tattile Cameras 1.181.5 Use of Default Credentials Vendor: Tattile s.r.l. Product web page: https://www.tattile.com Affected version...

9.8CVSS5.5AI score0.02663EPSS
Exploits3
zeroscience
zeroscience
added 2026/02/24 12:0 a.m.139 views

Tattile Cameras 1.181.5 Insufficient Token (X-User-Token) Expiration

Summary Tattile is an Italian manufacturer specializing in advanced ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used across intelligent transportation networks, tolling infrastructures, access‑control environments, and industrial automation. Their portfolio includes...

9.8CVSS5.8AI score0.00716EPSS
Exploits3
Rows per page
Query Builder