EUVD-2023-45703

Malicious code in bioql PyPI...

ruby security update

An update is available for ruby. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is an extensible, interpreted, object-oriented, scripting language. It has...

RLSA-2025:8131 Moderate: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion CVE-2025-25186 CGI: Denial of Service in CGI::Cookie.parse...

CVE-2025-10547

CVE-2025-10547 affects DrayTek Vigor Routers running DrayOS. An uninitialized variable in the HTTP CGI request arguments processing component can cause memory corruption, enabling remote code execution (RCE). Impact, per sources, includes unauthenticated attacker access via LAN or WAN (if EasyVPN...

CVE-2025-10547 CVE-2025-10547

An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption...

DrayTek Vigor Routers 安全漏洞

DrayTek Vigor Routers is a series of wireless routers from China-based DrayTek. A security vulnerability exists in DrayTek Vigor Routers that stems from the presence of uninitialized variables in the HTTP CGI request parameter handling component, which could lead to memory corruption and remote...

CVE-2025-11134

A security vulnerability has been detected in Cudy TR1200 1.16.3-20230804-164635. Impacted is an unknown function of the file /cgi-bin/luci/admin/network/wireless/config/ of the component Wireless Settings Page. Such manipulation of the argument SSID leads to cross site scripting. It is possible ...

CVE-2025-11073

A vulnerability was detected in Keyfactor RG-EW5100BE EW3.0B11P280EW5100BE-PRO12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. The attack can be...

CVE-2025-11073

CVE-2025-11073 affects Keyfactor RG-EW5100BE EW_3.0B11P280_EW5100BE-PRO_12183019: the HTTP POST Request Handler in /cgi-bin/luci/api/cmd has an argument url that can be manipulated to trigger command injection. The vulnerability is remote and the exploit is public. Connected records consistently ...

PT-2025-39737

Name of the Vulnerable Software and Affected Versions Keyfactor RG-EW5100BE EW 3.0B11P280 EW5100BE-PRO 12183019 Description A flaw exists in Keyfactor RG-EW5100BE EW 3.0B11P280 EW5100BE-PRO 12183019. The issue is related to command injection stemming from the manipulation of the url argument with...

CVE-2025-10961

A vulnerability was determined in Wavlink NU516U1 M16U1V240425. This affects the function sub4030C0 of the file /cgi-bin/wireless.cgi of the component DeleteMaclist Page. Executing manipulation of the argument deletelist can lead to command injection. The vendor was contacted early about this...

CVE-2025-10959

A vulnerability has been found in Wavlink NU516U1 M16U1V240425. The affected element is the function sub401778 of the file /cgi-bin/firewall.cgi. Such manipulation of the argument dmzflag leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public...

PT-2025-39432

Name of the Vulnerable Software and Affected Versions Wavlink NU516U1 M16U1 V240425 Description A flaw exists that allows for remote command injection. The issue is located in the sub 401778 function within the /cgi-bin/firewall.cgi file. Manipulation of the dmz flag argument can trigger the flaw...

PT-2025-39442

Name of the Vulnerable Software and Affected Versions Wavlink NU516U1 affected versions not specified Description A flaw exists in the Wavlink NU516U1 device. The issue is related to the manipulation of the remoteManagementEnabled argument within the sub 401B30 function of the /cgi-bin/firewall.c...

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless print server from China Ruiyin Wavlink. A command injection vulnerability exists in the Wavlink NU516U1 M16U1V240425, which originates from a misbehavior of the function sub4016F0 in the file /cgi-bin/firewall.cgi with respect to the parameter delflag, which could le...

PT-2025-39436

Name of the Vulnerable Software and Affected Versions Wavlink NU516U1 M16U1 V240425 Description A flaw exists in the function sub 4030C0 within the file /cgi-bin/wireless.cgi of the Delete Mac list Page component. Manipulation of the delete list argument can result in command injection. The vendo...

PT-2025-39103

Name of the Vulnerable Software and Affected Versions Vitogate 300 affected versions not specified Description An OS command injection issue exists in the Vitogate 300. A malicious user can exploit this to compromise affected installations. The issue is present in the /cgi-bin/vitogate.cgi API...

CVE-2025-10666

A security flaw has been discovered in D-Link DIR-825 up to 2.10. Affected by this vulnerability is the function sub4106d4 of the file apply.cgi. The manipulation of the argument countdowntime results in buffer overflow. The attack can be executed remotely. The exploit has been released to the...

CVE-2025-10546 Cross-Site Scripting (XSS) Vulnerability in PPC XPON ONT Wi-Fi Router

This vulnerability exist in PPC 2K15X Router, due to improper input validation for the Common Gateway Interface CGI parameters at its web management portal. A remote attacker could exploit this vulnerability by injecting malicious JavaScript into the vulnerable parameter, leading to a reflected...

CVE-2025-10546

Vulnerability: CVE-2025-10546 affects PPC 2K15X Router. Root cause: improper input validation of CGI parameters in the web management portal. Impact: remote attacker can inject JavaScript to achieve reflected XSS on the target system. Exploitation status: described as remote/network-based, with u...