CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/05 6:7 a.m.•15 views

CVE-2026-36603

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary...

8.1CVSS5.6AI score0.00211EPSS

RedhatCVE•added 2026/06/05 12:9 a.m.•6 views

CVE-2025-69755

An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the atcommand.asp interface...

8.2CVSS6.1AI score0.00464EPSS

RedhatCVE•added 2026/06/05 12:9 a.m.•6 views

CVE-2025-67448

The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying them. An attacker can send an SMS containing a malicious XSS payload, which will be executed in the...

7.1CVSS5.8AI score0.00196EPSS

RedhatCVE•added 2026/06/05 12:9 a.m.•7 views

CVE-2025-67446

Improper Authentication Authentication Bypass exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie value e.g., setting it to "admin", an attacker can bypass the authentication schema and gain...

9.8CVSS5.8AI score0.00454EPSS

RedhatCVE•added 2026/06/05 12:9 a.m.•7 views

CVE-2025-67447

The network diagnosis ping module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address field before passing it to the system's ping command. An attacker can inject arbitrary OS commands,...

9.8CVSS6AI score0.01026EPSS

CNNVD•added 2026/06/05 12:0 a.m.•6 views

D-Link DWR-M920 命令注入漏洞

The D-Link DWR-M920 is a router produced by D-Link Corporation. Versions of the D-Link DWR-M920 prior to 1.1.50 contained a command injection vulnerability. This vulnerability stemmed from improper handling of the ussdValue parameter in the sub41CF20 function found in the /boafrm/formUSSDSetup...

8.8CVSS6.4AI score0.02681EPSS

Exploits1References7

CNNVD•added 2026/06/05 12:0 a.m.•5 views

D-Link DWR-M920 操作系统命令注入漏洞

The D-Link DWR-M920 is a router produced by D-Link Corporation. Versions of the D-Link DWR-M920 prior to 1.1.50 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of the IMEIvalue parameter in the sub412DA0 function found in...

6.5CVSS6.4AI score0.01044EPSS

Exploits0References7

NVD•added 2026/06/04 6:16 p.m.•7 views

CVE-2025-69755

An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the atcommand.asp interface...

8.2CVSS0.00464EPSS

NVD•added 2026/06/04 6:16 p.m.•13 views

CVE-2025-67447

9.8CVSS0.01026EPSS

NVD•added 2026/06/04 6:16 p.m.•11 views

CVE-2025-67448

7.1CVSS0.00196EPSS

NVD•added 2026/06/04 5:16 p.m.•10 views

CVE-2025-67446

9.8CVSS0.00454EPSS

EUVD•added 2026/06/04 3:23 p.m.•8 views

EUVD-2026-33994

React Router vulnerable to Denial of Service via reflected user input in single-fetch...

vulnersOsv•added 2026/06/04 3:23 p.m.•3 views

Exploits0References5

@accounter/client (>=0.0.3 <=0.0.11-alpha-20260404002702-9340365def1af08a5cdbbf734a87d1d4839bdaff), @asamanvay/auth-service (>=0.0.2 <=0.0.4) +151 more potentially affected by CVE-2026-34077 via react-router (>=7.0.0 <=7.14.0-pre.0)

react-router NPM version =7.0.0, =0.0.3, =0.0.2, =3.5.2, =1.1.0, =1.0.1-MON-198808-web-js-deps-batch-1.0, =0.0.1, =3.4.9, =0.1.9, =0.3.1, =7.13.1-depup.0, =7.13.2-depup.0 and more Source cves: CVE-2026-34077 Source advisory: OSV:GHSA-RXV8-25V2-QMQ8...

7.5CVSS5.4AI score0.00258EPSS

Exploits0

OSV•added 2026/06/04 3:23 p.m.•6 views

GHSA-RXV8-25V2-QMQ8 React Router vulnerable to Denial of Service via reflected user input in single-fetch

A DoS vulnerability exists in the React Router v7 Framework Mode, as well as Remix v2.9.0+ with Single Fetch enabled. In some scenarios the underlying serialization algorithm can become a bottleneck when encoding specific types of data into server responses. Please upgrade to React Router v7.14.0...

Github Security Blog•added 2026/06/04 3:23 p.m.•11 views

Exploits0References6

React Router vulnerable to Denial of Service via reflected user input in single-fetch

Exploits0References6Affected Software2

SUSE CVE•added 2026/06/04 2:25 a.m.•7 views

SUSE CVE-2026-33245

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

8CVSS5.8AI score0.00176EPSS

Exploits0References3

SUSE CVE•added 2026/06/04 2:25 a.m.•7 views

SUSE CVE-2026-34077