61 matches found
CVE-2026-10127
A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack may be initiated remotely. The exploit has...
EUVD-2020-19887
Malware in sbrugna...
EUVD-2018-4297
Malware in sbrugna...
CVE-2025-11301
A weakness has been identified in Belkin F9K1015 1.00.10. This affects an unknown function of the file /goform/formWlanSetupWPS. This manipulation of the argument webpage causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be...
EUVD-2022-26388
Malicious code in bioql PyPI...
EUVD-2025-30228
Malicious code in bioql PyPI...
EUVD-2025-1788
Malicious code in bioql PyPI...
CVE-2025-7770 Predictable Seed in Pseudo-Random Number Generator (PRNG) in Tigo Energy Cloud Connect Advanced
Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID...
CVE-2023-24147
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for the telnet service, which is stored in the component /etc/config/product.ini...
PT-2025-16977 · D Link · Dir 832
Name of the Vulnerable Software and Affected Versions: dlink DIR 832x version 240802 Description: The issue allows a remote attacker to execute arbitrary code via the target addr key value and the function 0x41737c. This enables the attacker to potentially gain control over the device...
CVE-2024-9200
CVE-2024-9200 describes a post-authentication command injection in the Zyxel VMG4005-B50A diagnostic function via the vulnerable host parameter. A user with administrator privileges can trigger OS commands on the device. Affected firmware: through V5.15(ABQA.2.2)C0. Root cause: lack of input hand...
CVE-2024-9200
A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable devi...
CVE-2024-8748
The CVE-2024-8748 entry describes a buffer overflow in the packet parser of the third‑party library libclinkc used by Zyxel VMG8825‑T50K firmware up to V5.50(ABOM.8.4)C0. This can allow a remote attacker to cause a temporary DoS of the device web management interface by sending a crafted HTTP POS...
CVE-2024-44402
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via mspinfo.htm...
CVE-2024-29975
UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an authenticated local attacker with administrator privileges to execute...
CVE-2023-37929
The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request to a vulnerable device...
CVE-2023-37929
CVE-2023-37929 refers to a buffer overflow in the CGI program of the Zyxel VMG3625-T50B firmware (V5.50(ABPM.8)C0). The vulnerability allows an authenticated remote attacker to trigger denial of service by sending a crafted HTTP request to the affected device. CVSSv3.1 metrics indicate an attacke...
CVE-2023-38293
Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus (versionCode='31', versionName='12') that allows local third-party apps to execute arbitrary AT commands in its context (radio user) via AT...