9786 matches found
Zyxel NWA50AX PRO Path Traversal Vulnerability
The Zyxel NWA50AX PRO is a wireless router from China Hopkins Zyxel. A path traversal vulnerability exists in Zyxel NWA50AX PRO 7.10 ACGE.2 and earlier versions, which stems from a path traversal in the fileupload-cgi CGI program that could lead to the deletion of configuration files...
LB-LINK Multiple Products Security Vulnerability
LB-LINK BL-AC1900 and others are products of China Bilink LB-LINK. LB-LINK BL-AC1900 is a wireless router. LB-LINK BL-AC2100 is a wireless Wi-Fi 6 router. LB-LINK BL-AC3600 is a dual-band Gigabit wireless router that supports 2.4 GHz and 5 GHz bands for home and small office networks. A security...
TOTOLINK T6 Injection Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics TOTOLINK that supports MQTT protocol and Telnet service. The TOTOLINK T6 suffers from a command injection vulnerability that originates from the failure of the parameter ip of the function CloudSrvVersionCheck in the fil...
LB-LINK Multiple Products Security Vulnerability
LB-LINK BL-AC1900 and others are products of China Bilink LB-LINK. LB-LINK BL-AC1900 is a wireless router. LB-LINK BL-AC3600 is a dual-band Gigabit wireless router that supports both 2.4GHz and 5GHz bands for home and small office networks. LB-LINK AC2100AZ3 is a router. A security vulnerability...
CVE-2025-7525
A vulnerability was found in TOTOLINK T6 4.1.5cu.748B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument command leads to command injectio...
[SECURITY] Fedora 42 Update: php-8.4.10-1.fc42
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
VulnCheck KEV: CVE-2024-0297
A vulnerability was found in Totolink N200RE 9.3.5u.6139B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated remotely. The...
SUSE-SU-2025:02280-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2025-46701: Fixed refactor CGI servlet to access resources via WebResources bsc1243815. - CVE-2025-48988: Fixed limits the total number of parts in a multi-part request and limits the size of the headers provided with each part bsc1244656. ...
BIT-TOMCAT-2025-46701 Apache Tomcat: Security constraint bypass for CGI scripts
Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0 through 11.0.6, from 10.1.0 through...
SUSE SLES15 / openSUSE 15 Security Update : tomcat10 (SUSE-SU-2025:02261-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02261-1 advisory. - Fixed refactor CGI servlet to access resources via WebResources bsc1243815. - Fixed limits the total number of par...
Security update for tomcat10
This update for tomcat10 fixes the following issues: Fixed refactor CGI servlet to access resources via WebResources bsc1243815. Fixed limits the total number of parts in a multi-part request and limits the size of the headers provided with each part bsc1244656. Fixed expand checks for webAppMoun...
Exploit for OS Command Injection in Php
CVE-2024-4577 - PHP CGI Argument Injection RCE Summary CV...
Security update for tomcat
This update for tomcat fixes the following issues: CVE-2025-46701: Refactored CGI servlet to access resources via WebResources bsc1243815. CVE-2025-48988: Limited the total number of parts in a multi-part request and limits the size of the headers provided with each part bsc1244656. CVE-2025-4912...
CVE-2025-45029
WINSTAR WN572HP3 v230525 was discovered to contain a heap overflow via the CONTENTLENGTH variable at /cgi-bin/upload.cgi...
PT-2025-28663 · D Link · D-Link Dir-645
Name of the Vulnerable Software and Affected Versions: D-Link DIR-645 versions 1.05B01 and earlier Description: A critical issue affects the ssdpcgi main function of the ssdpcgi component, located in the /htdocs/cgibin file. This problem leads to command injection and can be exploited remotely. T...
CVE-2025-41418
Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD recorders. The CGI process may be terminated abnormally by processing a specially crafted request...
VulnCheck KEV: CVE-2024-54764
An access control issue in the component /login/hostinfo2.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication...
CVE-2025-41418
CVE-2025-41418 is a buffer overflow in TB-eye network recorders and TB-eye AHD recorders. The CGI process may terminate abnormally when handling a specially crafted request, affecting availability (low impact). No explicit exploit details are provided in the supplied documents. Remediation exists...