9784 matches found
EUVD-2026-8763
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i...
CVE-2026-27613 CGI Parameter Injection (Bypass of STRICT_CGI_PARAMS and EscapeShellParam)
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i...
CVE-2026-27613 CGI Parameter Injection (Bypass of STRICT_CGI_PARAMS and EscapeShellParam)
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i...
CVE-2025-67445
TOTOLINK X5000R V9.1.0cu.2415B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENTLENGTH environment variable and allocates memory using malloc CONTENTLENGTH + 1 without sufficient bounds checking. When lighttpd s request size limit is not enforce...
CVE-2025-11846
A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...
CVE-2025-11847
A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...
CVE-2026-1459
A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.7C0 could allow an authenticated attacker with administrator privileges to execute operating system OS commands on an affected device...
Advantech WISE-6610 OS Command Injection Vulnerability
Advantech WISE-6610 is a core gateway device from Advantech, Taiwan, China. The Advantech WISE-6610 suffers from an operating system command injection vulnerability that originates from a misuse of the parameter deletefile in the file /cgi-bin/luci/admin/openvpnapply, which can be exploited by an...
CVE-2025-11848
A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...
CVE-2025-11847
A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...
CVE-2026-1459
A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.7C0 could allow an authenticated attacker with administrator privileges to execute operating system OS commands on an affected device...
CVE-2025-11848
A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...
CVE-2025-11848
The CVE-2025-11848 entry concerns a null pointer dereference in the Wake-on-LAN CGI program of Zyxel devices. Affected products are Zyxel VMG3625-T50B (firmware up to 5.50(ABPM.9.6)C0) and Zyxel WX3100-T0 (firmware up to 5.50(ABVL.4.8)C0). The vulnerability can be triggered by an authenticated at...
CVE-2025-11848
A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...
EUVD-2025-207552
A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...
CVE-2025-69700
Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modifyaddclientprio function, which is reachable via the formSetClientPrio CGI handler...
CVE-2025-11846
A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...
EUVD-2025-207556
A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...
CVE-2025-11845
Summary: CVE-2025-11845 is a null pointer dereference in the certificate downloader CGI program affecting Zyxel VMG3625-T50B (up to 5.50(ABPM.9.6)C0) and Zyxel WX3100-T0 (up to 5.50(ABVL.4.8)C0). An authenticated administrator can trigger a denial-of-service by sending a crafted HTTP request. The...
EUVD-2025-207562
A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...