
340 matches found

CVE
added 2022/02/22 2:25 p.m., 74 views

CVE-2021-4029

CVE-2021-4029 concerns Zyxel ARMOR Z1/Z2 firmware where the CGI program is vulnerable to command injection over the LAN interface. The available documents identify the affected component as the CGI entry point within the Zyxel firmware and state that an attacker could execute arbitrary OS command...

8.8 CVSS, 8.9 AI score, 0.00603 EPSS
Exploits 0, References 1, Affected Software 1

CNVD
added 2021/12/30 12:0 a.m., 11 views

Zyxel NBG6604 Access Control Error Vulnerability

The Zyxel NBG6604 is a dual-band wireless router from China-based Hopkins Technology Zyxel. An access control error vulnerability exists in the Zyxel NBG6604 that originates from the product's CGI program allowing users with expired sessions to access the device. No details of the vulnerability a...

9.1 CVSS, 9.2 AI score, 0.00329 EPSS
Exploits 0, References 1

NVD
added 2021/12/29 1:15 p.m., 10 views

CVE-2021-35034

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted...

9.1 CVSS, 0.00329 EPSS
Exploits 0, References 1

Prion
added 2021/12/29 1:15 p.m., 12 views

Session fixation

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted...

6.4 CVSS, 8.9 AI score, 0.00329 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2021/12/29 12:36 p.m., 12 views

CVE-2021-35034

An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted...

7.4 CVSS, 9.2 AI score, 0.00329 EPSS
Exploits 0, References 1

CVE
added 2021/12/29 12:36 p.m., 42 views

CVE-2021-35034

Zyxel NBG6604 firmware CGI program has an insufficient session expiration vulnerability that can let a remote attacker access the device if the correct token is intercepted. Impact is unauthorized access via the network; exploitation is network-based with no user interaction. No explicit remediat...

9.1 CVSS, 9 AI score, 0.00329 EPSS
Exploits 0, References 1, Affected Software 1

Prion
added 2021/10/21 8:15 a.m., 9 views

Null pointer dereference

A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations...

5 CVSS, 7.4 AI score, 0.00742 EPSS
Exploits 0, References 2, Affected Software 2

Cvelist
added 2021/10/21 7:46 a.m., 10 views

CVE-2021-23139

A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations...

7.6 AI score, 0.00742 EPSS
Exploits 0, References 2

CVE
added 2021/10/21 7:46 a.m., 39 views

CVE-2021-23139

The CVE-2021-23139 issue affects Trend Micro Apex One and Worry-Free Business Security 10.0 SP1. A null pointer dereference in the CGI interface can allow a remote attacker to crash the CGI process, resulting in a denial of service. Descriptions and connected documents confirm the vulnerability i...

7.5 CVSS, 7.4 AI score, 0.00742 EPSS
Exploits 0, References 2, Affected Software 3

NVD
added 2021/07/26 12:15 p.m., 15 views

CVE-2021-35030

A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting XSS attack via a crafted LLDP packet...

4.3 CVSS, 0.00115 EPSS
Exploits 0, References 1

Prion
added 2021/07/26 12:15 p.m., 12 views

Cross site scripting

A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting XSS attack via a crafted LLDP packet...

2.3 CVSS, 4.4 AI score, 0.00115 EPSS
Exploits 0, References 1, Affected Software 12

NVD
added 2021/04/26 1:15 a.m., 10 views

CVE-2021-20696

DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program...

9 CVSS, 0.00841 EPSS
Exploits 0, References 2

OSV
added 2021/04/26 1:15 a.m., 1 views

CVE-2021-20696

DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program...

8.8 CVSS, 6 AI score
Exploits 0, References 2

Prion
added 2021/04/26 1:15 a.m., 11 views

Design/Logic Flaw

DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program...

9 CVSS, 8.7 AI score, 0.00841 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2021/04/26 12:20 a.m., 10 views

CVE-2021-20696

DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program...

8.9 AI score, 0.00841 EPSS
Exploits 0, References 2

CVE
added 2021/04/26 12:20 a.m., 36 views

CVE-2021-20696

CVE-2021-20696 affects D-Link DAP-1880AC firmware 1.21 and earlier. A remote authenticated attacker can send a crafted request to a CGI program to execute arbitrary OS commands, enabling remote code execution. Impact: high (CVE-2021-20696). Remediation: update to firmware 1.23 or later as per ven...

9 CVSS, 8.7 AI score, 0.00841 EPSS
Exploits 0, References 2, Affected Software 1

CNVD
added 2021/04/13 12:0 a.m., 5 views

D-Link DAP-1880AC OS Command Execution Vulnerability

The D-Link DAP-1880AC is a wireless access point from AUO D-Link of Taiwan, China. It provides to build a simultaneous dual-band wireless network that enables a wide range of wireless areas in the 2.4GHz and 5GHz bands. A command injection vulnerability exists in DAP-1880AC firmware version 1.2.1...

9 CVSS, 7.9 AI score, 0.00841 EPSS
Exploits 0, References 1

Tenable Nessus
added 2021/02/16 12:0 a.m., 285 views

Webmin < 1.970 Multiple Vulnerabilities

According to its self-reported version, the version of Webmin running on the remote host may be affected by multiple vulnerabilities, including the following: - Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary...

9.8 CVSS, 8.4 AI score, 0.75147 EPSS
Exploits 9, References 4

Prion
added 2020/12/29 6:15 a.m., 13 views

Code injection

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program...

7.5 CVSS, 9.3 AI score, 0.00433 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2020/12/29 5:35 a.m., 14 views

CVE-2020-35769

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program...

9.5 AI score, 0.00433 EPSS
Exploits 0, References 2