Lucene search
K

79 matches found

NVD
NVD
added 2025/12/18 9:15 p.m.6 views

CVE-2025-62001

BullWall Ransomware Containment supports configurable file and directory exclusions such as '$RECYCLE.BIN' to balance monitoring scope and performance. Certain exclusion patterns could allow an authenticated attacker to rename directories in a way that avoids monitoring. Fixed in 4.6.1.14 and...

8.8CVSS0.00326EPSS
Exploits0References2
CVE
CVE
added 2025/10/28 2:37 p.m.15 views

CVE-2025-34312

IPFire

8.8CVSS7.8AI score0.02296EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/08 9:16 p.m.12 views

CVE-2025-50505

Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...

7.8CVSS5.6AI score0.00215EPSS
Exploits1References1
NVD
NVD
added 2025/10/07 2:15 p.m.5 views

CVE-2025-50505

Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...

7.8CVSS0.00215EPSS
Exploits1References5
OSV
OSV
added 2025/10/07 2:15 p.m.5 views

CVE-2025-50505

Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...

7.8CVSS5.9AI score0.00215EPSS
Exploits1References5
CVE
CVE
added 2025/10/07 12:0 a.m.23 views

CVE-2025-50505

CVE-2025-50505 affects Clash Verge Rev up to 2.2.3 (fixed in 2.3.0). An unauthenticated HTTP API on 127.0.0.1:33211 (/start_clash) allows local users to submit arbitrary bin_path, config_dir, config_file, and log_file values which are passed to the service process (clash-verge-service) for execut...

7.8CVSS5.6AI score0.00215EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-59773

Malicious code in bioql PyPI...

8.7CVSS6.6AI score0.06711EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/09/25 12:0 a.m.14 views

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless print server from China Ruiyin Wavlink. A command injection vulnerability exists in the Wavlink NU516U1 M16U1V240425, which originates from a misbehavior of the function sub4016F0 in the file /cgi-bin/firewall.cgi with respect to the parameter delflag, which could le...

8.8CVSS6.8AI score0.06807EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/08/30 6:21 p.m.6 views

CVE-2025-29524

Incorrect access control in the component /cgi-bin/systemdiagnosticmain.asp of DASAN GPON ONU H660WM H660WMR210825 allows attackers to access sensitive information...

6.5CVSS6.8AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/30 6:18 p.m.5 views

CVE-2023-7308

SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated...

8.7CVSS6.5AI score0.06711EPSS
Exploits1References1
NVD
NVD
added 2025/08/27 10:15 p.m.5 views

CVE-2023-7308

SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated...

8.7CVSS0.06711EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2025/08/22 12:0 a.m.53 views

VulnCheck KEV: CVE-2024-48074

An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function...

8CVSS5.8AI score0.00653EPSS
In wildExploits1References2
SUSE Linux
SUSE Linux
added 2025/04/02 9:38 a.m.3 views

Security update for apparmor

This update for apparmor fixes the following issue: Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternativel...

7.7AI score
Exploits0References2
OSV
OSV
added 2025/02/16 2:15 p.m.6 views

CVE-2025-1340

A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit...

8.7CVSS6.3AI score0.14286EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2025/02/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-2353

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.85220230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be...

9CVSS5.5AI score0.03952EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/08/15 12:0 a.m.5 views

TOTOLINK LR350 安全漏洞

TOTOLINK LR350 is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK LR350 suffers from an Access Control Error vulnerability that originates from an Access Control Error vulnerability contained in the /cgi-bin/ExportSettings.sh file. No details of the vulnerability are provid...

9.8CVSS6.8AI score0.00604EPSS
Exploits1References2
OSV
OSV
added 2024/08/13 2:15 p.m.4 views

CVE-2024-42737

In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands...

8.8CVSS6AI score0.01677EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/08/13 12:0 a.m.5 views

TOTOLINK X5000R 安全漏洞

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setLedCfg function in the file /cgi-bin/cstecgi.cgi that fails to properly filter...

6.8CVSS8AI score0.0276EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/07/28 12:0 a.m.4 views

PT-2024-38122 · Totolink · Totolink A3700R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.5822 B20200513 Description: A critical issue has been found, affecting the setWanCfg function of the file /cgi-bin/cstecgi.cgi. The manipulation of the hostName argument leads to command injection. This issue ca...

8.8CVSS7AI score0.02999EPSS
Exploits1References8
OSV
OSV
added 2024/07/25 7:15 p.m.4 views

DEBIAN-CVE-2024-1724

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

8.2CVSS7.9AI score0.00306EPSS
Exploits1References1
Rows per page
Query Builder