CVE-2026-7287

UNSUPPORTED WHEN ASSIGNED A buffer overflow vulnerability in the formWep, formWlAc, formPasswordSetup, formUpgradeCert, and formDelcert functions of the “webs” binary in Zyxel NWA1100-N customized firmware version 1.00AACE.1C0 could allow an attacker to trigger a denial-of-service DoS condition b...

CVE-2026-7256

CVE-2026-7256 affects Zyxel WRE6505 v2, firmware V1.00(ABDV.3)C0. The CGI program is vulnerable to a command injection that can let an adjacent LAN attacker execute OS commands by sending a crafted HTTP request. The description does not provide root cause specifics beyond the CGI-invocation path,...

CVE-2025-56079

OS Command Injection vulnerability in Ruijie RG-EW1300G EW1300G V1.00/V2.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

CVE-2025-13562

A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads to command injection. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerabili...

D-Link DWR-M920和D-Link DIR-822K 安全漏洞

D-Link DWR-M920 and D-Link DIR-822K are both products of China's AUO D-Link.The D-Link DWR-M920 is a router.The D-Link DIR-822K is a wireless router.The D-Link DWR-M920 and D-Link DIR-822K are both products of China's AUO D-Link.The D-Link DWR-M920 and D-Link DIR-822K are wireless routers. A...

D-Link DIR-852 命令注入漏洞

D-Link DIR-852 is a router from China AUO D-Link. A command injection vulnerability exists in the D-Link DIR-852 version 1.00, which stems from the misuse of the parameter service in the file /gena.cgi, and could lead to a command injection attack...

EUVD-2025-31019

Malicious code in bioql PyPI...

CVE-2024-51848

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in digitalzoomstudio Parallaxer parallaxer-lite-parallax-effects-on-images allows Stored XSS.This issue affects Parallaxer: from n/a through = 1.00...

CVE-2025-1539

A vulnerability, which was classified as critical, has been found in D-Link DAP-1320 1.00. Affected by this issue is the function replacespecialchar of the file /storagein.pd-XXXXXX. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...

PT-2025-7523 · D Link · D-Link Dap-1320

Name of the Vulnerable Software and Affected Versions: D-Link DAP-1320 version 1.00 Description: A critical issue has been found, affecting the function replace special char of the file /storagein.pd-XXXXXX. This issue leads to a stack-based buffer overflow and can be exploited remotely. The...

Zyxel VMG4325-B10A 操作系统命令注入漏洞

The Zyxel VMG4325-B10A is a modem from China Heqin Zyxel. An operating system command injection vulnerability exists in the Zyxel VMG4325-B10A version 1.00AAFR.4C020170615. An attacker could exploit this vulnerability to execute operating system OS commands...

Zyxel VMG4325-B10A 操作系统命令注入漏洞

The Zyxel VMG4325-B10A is a modem from China Heqin Zyxel. An operating system command injection vulnerability exists in the Zyxel VMG4325-B10A version 1.00AAFR.4C020170615. An attacker could exploit this vulnerability to execute operating system OS commands...

Zyxel VMG4325-B10A 授权问题漏洞

The Zyxel VMG4325-B10A is a modem from China Heqin Zyxel. An authorization issue vulnerability exists in Zyxel VMG4325-B10A version 1.00AAFR.4C020170615, which stems from insecure default credentials...

PT-2025-2603 · Zyxel · Zyxel Vmg4325-B10A

Name of the Vulnerable Software and Affected Versions: Zyxel VMG4325-B10A firmware version 1.00AAFR.4C0 20170615 Description: A post-authentication command injection issue in the CGI program could allow an authenticated attacker to execute operating system commands on an affected device by sendin...

PT-2024-29839 · Unknown · Edgecross Basic Software For Windows +1

Name of the Vulnerable Software and Affected Versions: Edgecross Basic Software for Windows versions 1.00 and later Edgecross Basic Software for Developers versions 1.00 and later Description: The issue allows a malicious local attacker to execute arbitrary malicious code, resulting in informatio...

WordPress plugin Nabz Image Gallery SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A SQL injection...

Edgecross Basic Software 安全漏洞

Edgecross Basic Software is a software platform used in the Edge Computing space from Edgecross, Inc. that provides a variety of features to support data utilization and processing. A security vulnerability exists in Edgecross Basic Software ECP-BS1-W-D 1.00 and earlier versions, which originates...

WordPress plugin Parallaxer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

CVE-2024-9441 Linear eMerge e3-Series Forgot Password Command Injection

The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the loginid parameter when invoking the forgotpassword functionality over HTTP...

PT-2024-39634 · Linear · Linear Emerge E3-Series

Name of the Vulnerable Software and Affected Versions: Linear eMerge e3-Series versions 1.00-07 Description: The Linear eMerge e3-Series is vulnerable to an OS command injection issue. A remote and unauthenticated attacker can execute arbitrary OS commands via the login id parameter when invoking...