11 matches found

Cvelist
added 2026/06/14 8:45 p.m. · 25 views

CVE-2026-12186 GL.iNet GL-MT3000 Tor Proxy Service Configuration tor replace_country command injection

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replacecountry in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploi...

CVSS 9 · EPSS 0.01966
Exploits 0 · References 6

ATTACKERKB
added 2026/06/07 2:30 a.m. · 6 views

CVE-2026-11450

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument devname results in command injection. It is possible to initiate the attack...

CVSS 7.5 · AI score 5.4 · EPSS 0.01572
Exploits 1 · References 6 · Affected Software 1

CVE
added 2026/06/07 2:30 a.m. · 26 views

CVE-2026-11450

GL.iNet GL-MT3000 firmware 4.4.5 contains a command injection in the Path Normalization Handler via dlopen in /usr/lib/oui-httpd/rpc/ when processing the dev_name argument. This can be triggered remotely over the network. Upgrading to version 4.7 mitigates the issue by enabling method-level valid...

CVSS 7.5 · AI score 7.1 · EPSS 0.01572
Exploits 1 · References 5

EUVD
added 2026/06/07 2:0 a.m. · 11 views

EUVD-2026-34979

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. Manipulation of the argument kube. set causes command injection. The attack can be carried out remotely. Upgrading to...

CVSS 5.8 · AI score 5.1 · EPSS 0.01582
Exploits 0 · References 5

CVE
added 2026/06/07 1:15 a.m. · 24 views

CVE-2026-11447

Summary: CVE-2026-11447 affects GL.iNet GL-MT3000 (firmware up to 4.4.5), specifically the MTK Backend component’s file iwinfo.so and the function iwinfo_backend. By manipulating the device argument, an attacker can trigger a remote command injection, with exploitation reportedly public. The iss...

CVSS 6.5 · AI score 6.2 · EPSS 0.01073
Exploits 0 · References 5

Positive Technologies
added 2026/06/07 12:0 a.m. · 19 views

PT-2026-47171

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument dev name results in command injection. It is possible to initiate the attack...

CVSS 7.5 · AI score 7.1 · EPSS 0.01572
Exploits 1 · References 6

Positive Technologies
added 2026/06/07 12:0 a.m. · 22 views

PT-2026-47169

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. Manipulation of the argument kube. set causes command injection. The attack can be carried out remotely. Upgrading to...

CVSS 5.8 · AI score 5.1 · EPSS 0.01582
Exploits 0 · References 6

Tenable Nessus
added 2026/03/28 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-33937

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST obje...

CVSS 9.8 · AI score 6.7 · EPSS 0.0178
Exploits 2 · References 4

Snyk
added 2026/02/25 6:32 p.m. · 3 views

Double Free

Overview: Affected versions of this package are vulnerable to Double Free via the tiffcrop.c component. An attacker can cause a crash or potentially execute arbitrary code by triggering a double free condition. Remediation: Upgrade libtiff to version 4.7.1 or higher. References: GitHub Gist, GitL...

CVSS 6.8 · AI score 6.3 · EPSS 0.00131
Exploits 1 · References 2

Positive Technologies
added 2024/11/23 12:0 a.m. · 6 views

PT-2024-15279 · Datagear · Datagear

Name of the Vulnerable Software and Affected Versions: DataGear versions up to 4.60. Description: A critical issue affects the unknown code of the file /dataSet/resolveSql, where the manipulation of the sql argument leads to SQL injection. The attack can be initiated remotely. Upgrading to version...

CVSS 9.8 · AI score 7 · EPSS 0.00617
Exploits 1 · References 8

OSV
added 2022/06/13 7:15 a.m. · 4 views

CVE-2017-20042

A vulnerability has been found in Navetti PricePoint 4.6.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to blind SQL injection. The attack can be launched remotely. Upgrading to version 4.7.0.0 addresses this issue. It i...

CVSS 8.8 · AI score 5.4 · EPSS 0.00692
Exploits 0 · References 2