Lucene search
+L

578 matches found

Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.9 views

PT-2026-23781

Name of the Vulnerable Software and Affected Versions XikeStor SKS8310-8X Network Switch versions prior to 1.04.B07 Description The XikeStor SKS8310-8X Network Switch contains an OS command injection issue in the /goform/PingTestSet API endpoint. Unauthenticated remote attackers can execute...

9.8CVSS6.4AI score0.02999EPSS
Exploits0References11
NVD
NVD
added 2026/03/04 8:16 a.m.9 views

CVE-2026-28773

The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...

9.3CVSS0.02088EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/04 7:16 a.m.6 views

CVE-2026-28773 Authenticated OS Command Injection via Ping Utility Leading to RCE as Root

The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...

9.3CVSS6.2AI score0.02088EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/04 7:16 a.m.4 views

CVE-2026-28773

The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...

9.3CVSS6.2AI score0.02088EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/04 7:16 a.m.34 views

CVE-2026-28773 Authenticated OS Command Injection via Ping Utility Leading to RCE as Root

The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...

9.3CVSS0.02088EPSS
Exploits1References1
CVE
CVE
added 2026/03/04 7:16 a.m.28 views

CVE-2026-28773

The CVE-2026-28773 entry concerns the IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface (version 101). Affected component: the web-based Ping diagnostic utility at /IDC_Ping/main.cgi. Root cause: insecure parsing of the IPaddr parameter enables OS command injection by bypassing ...

9.3CVSS6.2AI score0.02088EPSS
Exploits1References1Affected Software1
Veracode
Veracode
added 2026/02/28 5:7 a.m.6 views

SQL Injection

LibreNMS is vulnerable to SQL Injection. The vulnerability is due to improper input sanitization and lack of parameterization in the IPv6 address search logic, where the prefix value is directly concatenated into the SQL query string without validation, and attackers can inject arbitrary SQL...

9.3CVSS6.1AI score0.0744EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2026/02/23 12:0 a.m.11 views

TOTOLINK X5000R 安全漏洞

The TOTOLINK X5000R is a router produced by TOTOLINK, a Chinese electronics company. The TOTOLINK X5000R v9.1.0cu2415B20250515 version contains a security vulnerability. This vulnerability stems from insufficient validation of IP parameters in the setDiagnosisCfg processing program. It may allow...

9.8CVSS5.8AI score0.00693EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.7 views

CVE-2026-2857

A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub423E00 of the file /boafrm/formPortFw of the component Port Forwarding Configuration Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation ...

9CVSS6AI score0.00863EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/22 12:0 a.m.12 views

D-Link DWR-M960 安全漏洞

The D-Link DWR-M960 is a router produced by D-Link Corporation. The D-Link DWR-M960 version 1.01.07 has a security vulnerability. This vulnerability stems from incorrect handling of parameters in the file /boafrm/formLteSetup, specifically the submit-url parameter. This could lead to a stack buff...

9CVSS7.7AI score0.00642EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/21 7:26 a.m.6 views

CVE-2026-26990

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly int...

8.8CVSS6AI score0.04054EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/20 1:29 a.m.4 views

CVE-2026-26990 LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly int...

8.8CVSS6.1AI score0.04054EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/20 1:29 a.m.5 views

CVE-2026-26990

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly int...

8.8CVSS6AI score0.04054EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/02/20 1:29 a.m.17 views

CVE-2026-26990

Summary: CVE-2026-26990 affects LibreNMS versions 25.12.0 and below, with a Time-Based Blind SQL Injection in the address-search.inc.php component via the address parameter. The issue arises when a crafted subnet prefix is supplied, causing the prefix value to be concatenated into SQL without pro...

8.8CVSS6.1AI score0.04054EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/20 12:0 a.m.23 views

CVE-2021-35402

PROLiNK PRC2402M 20190909 before 2021-06-13 allows liveapi.cgi?page=satellitelist OS command injection via shell metacharacters in the ip parameter for satellitestatus...

10CVSS0.00955EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.8 views

LibreNMS SQL注入漏洞

LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 25.12.0 have a SQL injection vulnerability, which stems from...

8.8CVSS5.9AI score0.04054EPSS
Exploits1References3
CVE
CVE
added 2026/02/20 12:0 a.m.16 views

CVE-2021-35402

CVE-2021-35402 affects PROLiNK PRC2402M firmware prior to 2021-06-13. The issue is an OS command injection in live_api.cgi when handling page=satellite_list (satellite_status) via the ip parameter, caused by shell metacharacters in user input. Impact is arbitrary command execution on vulnerable d...

10CVSS5.5AI score0.00955EPSS
Exploits0References1
OSV
OSV
added 2026/02/19 1:16 p.m.5 views

CVE-2019-25408

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmaskaddr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmaskaddr...

5.1CVSS5.9AI score0.0034EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.14 views

PT-2026-20811

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask addr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmask addr...

6.1CVSS5.6AI score0.0034EPSS
Exploits1References4
OSV
OSV
added 2026/02/18 10:31 p.m.17 views

GHSA-79Q9-WC6P-CF92 LibreNMS has a Time-Based Blind SQL Injection in address-search.inc.php

Summary A time-based blind SQL injection vulnerability exists in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic...

8.8CVSS6AI score0.04054EPSS
Exploits1References4
Rows per page
Query Builder