CVE-2025-29844

A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information...

CVE-2025-29843

A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files...

CVE-2025-29844

A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information...

CVE-2025-29845

A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files...

CVE-2025-29843

A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files...

EUVD-2025-201176

A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files...

CVE-2024-45539

CVE-2024-45539 is an out-of-bounds write vulnerability in the CGI components of Synology DiskStation Manager (DSM) and Synology Unified Controller (DSMUC). The flaw affects DSM versions before 7.2.1-69057-2, DSM 7.2.2-72806, and DSMUC before 3.1.4-23079. Remote attackers can cause denial of servi...

CVE-2024-45539

Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors...

EUVD-2024-55301

Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors...

CVE-2024-45539

Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors...

PT-2025-49121

Name of the Vulnerable Software and Affected Versions ALLNET ALL-RUT22GW version 3.3.8 Description The ALLNET ALL-RUT22GW software contains an OS command injection issue. This occurs through the command parameter within the ''popen.cgi'' endpoint, allowing for potential unauthorized system access...

Linux Distros Unpatched Vulnerability : CVE-2025-65082

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration...

SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2025:4264-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4264-1 advisory. - CVE-2024-35221: Fixed remote DoS via YAML manifest bsc1225905 - CVE-2024-47220: Fixed HTTP request smuggling...

CVE-2025-13798

A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function apmacfilteradd of the file /sendorder.cgi. Executing manipulation of the argument mac can lead to command injection. The attack may be performed from remote. The exploit has been published and may be used. The...

CVE-2025-13797

A vulnerability was detected in ADSLR B-QE2W401 250814-r037c. Affected by this issue is the function parameterdelswifimac of the file /sendorder.cgi. Performing manipulation of the argument delswifimac results in command injection. The attack is possible to be carried out remotely. The exploit is...

CVE-2025-13798 ADSLR NBR1005GPEV2 send_order.cgi ap_macfilter_add command injection

A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function apmacfilteradd of the file /sendorder.cgi. Executing manipulation of the argument mac can lead to command injection. The attack may be performed from remote. The exploit has been published and may be used. The...

CVE-2020-36874

ACE SECURITY WIP-90113 HD cameras are affected by an unauthenticated configuration-disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without authentication, risking exposure of administrative credentia...

Security update for ruby2.5

This update for ruby2.5 fixes the following issues: CVE-2024-35221: Fixed remote DoS via YAML manifest bsc1225905 CVE-2024-47220: Fixed HTTP request smuggling in WEBrick bsc1230930 CVE-2024-49761: Fixed ReDOS vulnerability by updating REXML to 3.3.9 bsc1232440 CVE-2025-24294: Fixed denial of...

SUSE-SU-2025:4264-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2024-35221: Fixed remote DoS via YAML manifest bsc1225905 - CVE-2024-47220: Fixed HTTP request smuggling in WEBrick bsc1230930 - CVE-2024-49761: Fixed ReDOS vulnerability by updating REXML to 3.3.9 bsc1232440 - CVE-2025-24294: Fixed denial...

EUVD-2025-199708

Out-of-bounds Read vulnerability in ASR1903、ASR3901 in ASR LapwingLinux on Linux nrfw modules. This vulnerability is associated with program files Code/nrfw/DLP/src/NrCgi.C. This issue affects LapwingLinux: before 2025/11/26...