Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

377 matches found

NVD
NVDadded 4 hours ago4 views

CVE-2026-11449

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS
Exploits0References6
Cvelist
Cvelistadded 5 hours ago5 views

CVE-2026-11449 GL.iNet GL-MT3000 LuCI JSON-RPC rpc rpc_sys command injection

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 5 hours ago2 views

CVE-2026-11449

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS5.2AI score
Exploits0References7Affected Software1
CVE
CVEadded 5 hours ago8 views

CVE-2026-11449

GL.iNet GL-MT3000 (v4.4.5) is affected by a remote command injection in LuCI JSON-RPC Interface, via the rpc_sys function in /cgi-bin/luci/rpc. Root cause is not explicitly stated beyond the vulnerability description; CVSS metrics in the connected sources indicate MEDIUM severity (CVSSv3.1 base 6...

6.5CVSS6.2AI score
Exploits0References6
Positive Technologies
Positive Technologiesadded 7 hours ago6 views

PT-2026-47170

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpc sys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS6.2AI score
Exploits0References7
NVD
NVDadded 2026/05/26 3:16 p.m.8 views

CVE-2026-46368

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS0.0008EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/26 2:8 p.m.8 views

EUVD-2026-31836

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS6.1AI score0.0008EPSS
Exploits0References3
CVE
CVEadded 2026/05/26 2:8 p.m.13 views

CVE-2026-46368

CVE-2026-46368 affects the OpenWrt luci-app-https-dns-proxy package (not Core OpenWrt). The vulnerability is a command injection in setInitAction via a ubus RPC call; an authenticated user with the luci.https-dns-proxy ACL can inject shell metacharacters through the 'name' parameter, enabling arb...

8.8CVSS6.1AI score0.0008EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/26 2:8 p.m.7 views

CVE-2026-46368 luci-app-https-dns-proxy Authenticated Command Injection via setInitAction

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS6.1AI score0.0008EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/05/26 2:8 p.m.6 views

CVE-2026-46368

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS6.1AI score0.0008EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/26 2:8 p.m.31 views

CVE-2026-46368 luci-app-https-dns-proxy Authenticated Command Injection via setInitAction

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS0.0008EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/26 12:0 a.m.8 views

PT-2026-43259

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS6.1AI score0.0008EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/03/27 2:23 p.m.5 views

CVE-2021-27821

The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution...

6.1CVSS7AI score0.00489EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 3:15 p.m.2 views

CVE-2026-4537

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

5.8CVSS5AI score0.0033EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/22 6:30 a.m.1 views

EUVD-2026-14277

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

5.8CVSS5.6AI score0.0033EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/03/22 4:2 a.m.1 views

CVE-2026-4537 Cudy TR1200 ipsec.lua action_ipsec_conn command injection

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

5.8CVSS5AI score0.0033EPSS
Exploits0References4
NVD
NVDadded 2026/03/19 11:16 p.m.1 views

CVE-2026-32721

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...

8.6CVSS0.00008EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/03/19 10:46 p.m.2 views

CVE-2026-32721

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...

8.6CVSS5.8AI score0.00008EPSS
Exploits0References4Affected Software1
CVE
CVEadded 2026/03/19 10:46 p.m.21 views

CVE-2026-32721

LuCI (OpenWrt configuration interface) is affected by a stored XSS in the wireless scan modal within luci-mod-network. The vulnerability arises because SSIDs from scan results are rendered as raw HTML via innerHTML in wireless.js when passed to dom.append(), allowing a malicious SSID to execute a...

8.6CVSS5.8AI score0.00008EPSS
Exploits0References3Affected Software2
EUVD
EUVDadded 2026/03/19 10:46 p.m.2 views

EUVD-2026-13382

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...

8.6CVSS5.8AI score0.00008EPSS
Exploits0References3
Rows per page
Query Builder