CVE-2025-9262 wong2 mcp-cli oAuth provider.js redirectToAuthorization os command injection

A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity...

CVE-2025-9244

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation of the argument...

CVE-2025-9244

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation of the argument...

CVE-2025-9244

The CVE-2025-9244 entry describes a remote OS command injection in Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 devices. Affected component: the addStaticRoute function in /goform/addStaticRoute. Exploitable by manipulating arguments staticRoute_IP_setting, staticRoute_Netmask_setting, stati...

Linux Distros Unpatched Vulnerability : CVE-2017-5078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote...

PT-2025-34152 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250 versions 1.0.013.001 through 1.2.07.001 Linksys RE6300 versions 1.0.013.001 through 1.2.07.001 Linksys RE6350 versions 1.0.013.001 through 1.2.07.001 Linksys RE6500 versions 1.0.013.001 through 1.2.07.001 Linksys RE7000 version...

CVE-2025-9149

A vulnerability was determined in Wavlink WL-NU516U1 M16U1V240425. This impacts the function sub4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guestssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

CVE-2025-9149

A vulnerability was determined in Wavlink WL-NU516U1 M16U1V240425. This impacts the function sub4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guestssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

CVE-2025-9149 Wavlink WL-NU516U1 wireless.cgi sub_4032E4 command injection

A vulnerability was determined in Wavlink WL-NU516U1 M16U1V240425. This impacts the function sub4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guestssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

CVE-2025-9149 Wavlink WL-NU516U1 wireless.cgi sub_4032E4 command injection

A vulnerability was determined in Wavlink WL-NU516U1 M16U1V240425. This impacts the function sub4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guestssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

CVE-2025-9149

CVE-2025-9149 affects Wavlink WL-NU516U1 M16U1_V240425. The vulnerability is in the function sub_4032E4 of the file /cgi-bin/wireless.cgi, where manipulation of the argument Guest_ssid enables command injection. The issue is exploitable remotely, and public exploit details (PoC) have been disclos...

CVE-2025-9090

A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

PT-2025-33820 · Wavlink · Wavlink Wl-Nu516U1

Name of the Vulnerable Software and Affected Versions: Wavlink WL-NU516U1 M16U1 V240425 Description: A vulnerability exists due to command injection. The issue is located in the /cgi-bin/wireless.cgi file and impacts the sub 4032E4 function. Manipulation of the Guest ssid argument can lead to...

Linux Distros Unpatched Vulnerability : CVE-2024-8517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system...

Linux Distros Unpatched Vulnerability : CVE-2018-11652

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header,...

Exploit for Command Injection in Tenda Ac20_Firmware

CVE-2025-9090 Author: Byte Reaper Description This exp...

CVE-2025-9026

A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgimain of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-9090

A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

CVE-2025-9090

CVE-2025-9090 affects Tenda AC20 router (firmware 16.03.08.12). The flaw is in the Telnet Service: the websFormDefine function in /goform/telnet allows remote command injection. Public exploitation exists (exploit code and PoC references in multiple sources), enabling arbitrary command execution ...

PT-2025-33607 · Tenda · Tenda Ac20

Name of the Vulnerable Software and Affected Versions: Tenda AC20 version 16.03.08.12 Description: A vulnerability was identified in the Telnet Service component of Tenda AC20. The websFormDefine function within the /goform/telnet file is affected, leading to command injection. The attack can be...