
4196 matches found

CNNVD
added 2025/08/11 12:0 a.m. · 4 views

Linksys multiple products command injection vulnerability

The Linksys RE6250, among others, is a wireless extender from Linksys USA. A command injection vulnerability exists in various Linksys products. The vulnerability stems from improper manipulation of the staticIp and staticNetmask parameters by the RPsetBasicAuto function, which may result in os...

8.8 CVSS · 6.8 AI score · 0.08257 EPSS
Exploits 1 · References 7
Positive Technologies
added 2025/08/11 12:0 a.m. · 3 views

PT-2025-32524 · Jcg · Jcg Link-Net Lw-N915R

Name of the Vulnerable Software and Affected Versions: JCG Link-net LW-N915R version 17s.20.001.908 Description: A vulnerability exists in the Wireless Basic Settings Page component of JCG Link-net LW-N915R version 17s.20.001.908. Manipulation of the Network Name argument in the /wireless/basic.a...

4.8 CVSS · 6.9 AI score · 0.00252 EPSS
Exploits 0 · References 7
Vulnrichment
added 2025/08/10 11:32 p.m. · 3 views

CVE-2025-8820 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 wirelessBasic stack-based overflow

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function wirelessBasic of the file /goform/wirelessBasic. The manipulation of the argument submitSSID1 leads to stack-based buffer overflow. The attack can be...

9 CVSS · 7.1 AI score · 0.00871 EPSS
Exploits 1 · References 6
NVD
added 2025/08/09 7:15 p.m. · 6 views

CVE-2025-8765

A vulnerability classified as problematic was found in Datacom DM955 5GT 1200 825.8010.00. Affected by this vulnerability is an unknown functionality of the component Wireless Basic Settings. The manipulation of the argument SSID leads to cross site scripting. The attack can be launched remotely...

5.1 CVSS · 0.00225 EPSS
Exploits 0 · References 3
CVE
added 2025/08/09 7:2 p.m. · 36 views

CVE-2025-8765

CVE-2025-8765 affects Datacom DM955 5GT 1200 (825.8010.00) and is due to manipulation of the SSID parameter in Wireless Basic Settings, enabling reflected cross-site scripting. The vulnerability is exploitable remotely and exploitation has been disclosed publicly. Impact is limited to confidentia...

5.1 CVSS · 6.4 AI score · 0.00225 EPSS
Exploits 0 · References 3
Cvelist
added 2025/08/09 7:2 p.m. · 9 views

CVE-2025-8765 Datacom DM955 5GT 1200 Wireless Basic Settings cross site scripting

A vulnerability classified as problematic was found in Datacom DM955 5GT 1200 825.8010.00. Affected by this vulnerability is an unknown functionality of the component Wireless Basic Settings. The manipulation of the argument SSID leads to cross site scripting. The attack can be launched remotely...

5.1 CVSS · 0.00225 EPSS
Exploits 0 · References 3
Vulnrichment
added 2025/08/09 7:2 p.m. · 4 views

CVE-2025-8765 Datacom DM955 5GT 1200 Wireless Basic Settings cross site scripting

A vulnerability classified as problematic was found in Datacom DM955 5GT 1200 825.8010.00. Affected by this vulnerability is an unknown functionality of the component Wireless Basic Settings. The manipulation of the argument SSID leads to cross site scripting. The attack can be launched remotely...

5.1 CVSS · 6.4 AI score · 0.00225 EPSS
Exploits 0 · References 3
NVD
added 2025/08/05 8:15 p.m. · 5 views

CVE-2012-10024

XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw ...

7.1 CVSS · 0.0106 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2025/08/05 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-8031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was...

9.8 CVSS · 7.4 AI score · 0.00431 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/08/01 12:0 a.m. · 6 views

PT-2025-32497 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists due to a stack-based buffer overflow in the wirelessBasic function within the /goform/wirelessBasic file. The vulnerability ...

9 CVSS · 8.8 AI score · 0.00871 EPSS
Exploits 1 · References 15
Positive Technologies
added 2025/08/01 12:0 a.m. · 6 views

PT-2025-32504 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 versions up to 20250801 Description: A stack-based buffer overflow vulnerability exists in the um rp autochannel function within the /goform/RP setBasicAuto file of affected Linksys...

9 CVSS · 9 AI score · 0.00871 EPSS
Exploits 1 · References 16
Positive Technologies
added 2025/08/01 12:0 a.m. · 12 views

PT-2025-32515 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders due to a flaw in the um inspect cross band function within the /goform/RP setBasicAuto file...

6.5 CVSS · 6.5 AI score · 0.08257 EPSS
Exploits 1 · References 11
RedHat Linux
added 2025/07/31 11:33 a.m. · 6 views

firefox: thunderbird: Incorrect URL stripping in CSP reports

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...

9.8 CVSS · 7.3 AI score · 0.00431 EPSS
Exploits 0 · References 6
OSV
added 2025/07/31 8:37 a.m. · 1 views

MAL-2025-191689 Malicious code in backtradingbot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 117c24f5b7a0f5e4921e4478231a717ecca01748a5b266d8984e619f06173984 Running the installed entry point downloads and executes remote code. During the analysis, the code was switching to websockets, adding a startup script and...

7 AI score
Exploits 0 · References 2
OSSF Malicious Packages
added 2025/07/30 5:39 p.m. · 2 views

Malicious code in deno-r4-basic (npm)

The package communicates with a domain associated with malicious activity...

7 AI score
Exploits 0
OSV
added 2025/07/30 5:39 p.m. · 1 views

MAL-2025-6713 Malicious code in deno-r4-basic (npm)

The package communicates with a domain associated with malicious activity...

7.1 AI score
Exploits 0
Vulnrichment
added 2025/07/30 2:32 p.m. · 16 views

CVE-2025-54573 CVAT vulnerable to email verification bypass by use of basic authentication

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified...

4.3 CVSS · 7.1 AI score · 0.00253 EPSS
Exploits 0 · References 2
RedHat Linux
added 2025/07/30 9:42 a.m. · 5 views

firefox: thunderbird: Incorrect URL stripping in CSP reports

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...

9.8 CVSS · 7.3 AI score · 0.00431 EPSS
Exploits 0 · References 6
RedHat Linux
added 2025/07/29 3:32 p.m. · 5 views

firefox: thunderbird: Incorrect URL stripping in CSP reports

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...

9.8 CVSS · 7.3 AI score · 0.00431 EPSS
Exploits 0 · References 6
RedHat Linux
added 2025/07/29 8:15 a.m. · 4 views

firefox: thunderbird: Incorrect URL stripping in CSP reports

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...

9.8 CVSS · 7.3 AI score · 0.00431 EPSS
Exploits 0 · References 6