9784 matches found

EUVD
added 2025/10/23 1:39 p.m., 4 views

EUVD-2025-35685

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.1...

CVSS 4.8, AI score 5.8, EPSS 0.00198
Exploits 0, References 2

Vulnrichment
added 2025/10/23 1:39 p.m., 3 views

CVE-2025-53702 DoS vulnerability in Vilar VS-IPC1002 IP cameras

Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required. The vendor did not...

CVSS 7.1, AI score 6.3, EPSS 0.00209
Exploits 0, References 1

EUVD
added 2025/10/23 1:39 p.m., 3 views

EUVD-2025-35686

Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required. The vendor did not...

CVSS 7.1, AI score 6.2, EPSS 0.00209
Exploits 0, References 2

CNNVD
added 2025/10/23 12:0 a.m., 4 views

Vilar VS-IPC1002 security vulnerability

The Vilar VS-IPC1002 is a webcam from the Chinese company Vilar. A security vulnerability exists in the Vilar VS-IPC1002 version 1.1.0.18, which originates from an unauthenticated attacker who can send a specially crafted request to the /cgi-bin/action endpoint, potentially resulting in a denial ...

CVSS 7.1, AI score 6.4, EPSS 0.00209
Exploits 0, References 1

CNNVD
added 2025/10/23 12:0 a.m., 4 views

Vilar VS-IPC1002 cross-site scripting vulnerability

Vilar VS-IPC1002 is a webcam from the Chinese company Vilar. A cross-site scripting vulnerability exists in the Vilar VS-IPC1002 version 1.1.0.18, which stems from improper cleanup of the GET request parameter on the /cgi-bin/action endpoint, which could lead to a reflected cross-site scripting...

CVSS 6.1, AI score 5.8, EPSS 0.00198
Exploits 0, References 1

Positive Technologies
added 2025/10/23 12:0 a.m., 6 views

PT-2025-43512

Name of the Vulnerable Software and Affected Versions: Vilar VS-IPC1002 IP cameras (affected versions not specified). Description: Vilar VS-IPC1002 IP cameras are susceptible to Reflected Cross-Site Scripting (XSS) attacks. This occurs because parameters within GET requests sent to the /cgi-bin/action A...

CVSS 6.1, AI score 5.7, EPSS 0.00198
Exploits 0, References 7

Positive Technologies
added 2025/10/21 12:0 a.m., 6 views

PT-2025-42828

Name of the Vulnerable Software and Affected Versions: Zyxel ATP series versions V4.32 through V5.40; Zyxel USG FLEX series versions V4.50 through V5.40; Zyxel USG FLEX 50W series versions V4.16 through V5.40; Zyxel USG20W-VPN series versions V4.16 through V5.40. Description: A missing authorization fl...

CVSS 8.1, AI score 9.5, EPSS 0.05462
Exploits 0, References 15

CVE
added 2025/10/16 12:0 a.m., 21 views

CVE-2025-61541

Webmin 2.510 is affected by CVE-2025-61541 due to a Host Header Injection in forgot_send.cgi. The reset link is constructed using the HTTP Host header via get_webmin_email_url(), allowing an attacker to inject a malicious domain into the password reset email. If a victim clicks the poisoned link,...

CVSS 7.1, AI score 7, EPSS 0.00416
Exploits 1, References 3, Affected Software 1

OSV
added 2025/10/11 12:0 a.m., 2 views

OPENSUSE-SU-2025:15625-1 perl-CGI-Simple-1.282.0-1.1 on GA media

These are all security issues fixed in the perl-CGI-Simple-1.282.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.3, AI score 5.8, EPSS 0.00431
Exploits 0, References 1

VulnCheck KEV
added 2025/10/09 12:0 a.m., 19 views

VulnCheck KEV: CVE-2018-11714

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of...

CVSS 10, AI score 5.8, EPSS 0.36516
In wild, Exploits 1, References 58

OSV
added 2025/10/08 8:15 a.m., 3 views

CVE-2025-11444

A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launc...

CVSS 8.7, AI score 6.2, EPSS 0.00958
Exploits 1, References 6

Cvelist
added 2025/10/08 8:2 a.m., 6 views

CVE-2025-11444 TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow

A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launc...

CVSS 9, EPSS 0.00958
Exploits 1, References 6

Vulnrichment
added 2025/10/08 8:2 a.m., 4 views

CVE-2025-11444 TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow

A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launc...

CVSS 9, AI score 8.9, EPSS 0.00958
Exploits 1, References 6

CVE
added 2025/10/08 8:2 a.m., 13 views

CVE-2025-11444

TOTOLINK N600R is affected: the buffer overflow exists in the HTTP Request Handler’s setWiFiBasicConfig function, in /cgi-bin/cstecgi.cgi, triggered by manipulating the wepkey argument. This vulnerability allows remote exploitation and has publicly available PoCs. Affected firmware versions are p...

CVSS 9, AI score 6.8, EPSS 0.00958
Exploits 1, References 6, Affected Software 1

Fedora
added 2025/10/08 1:17 a.m., 8 views

[SECURITY] Fedora 41 Update: civetweb-1.16-10.fc41

Civetweb is an easy to use, powerful, C (C/C++) embeddable web server with optional CGI, SSL and Lua support. CivetWeb can be used by developers as a library, to add web server functionality to an existing application. It can also be used by end users as a stand-alone web server running on a Window...

CVSS 8.7, AI score 6.9, EPSS 0.00711
Exploits 0

Fedora
added 2025/10/08 1:3 a.m., 7 views

[SECURITY] Fedora 42 Update: civetweb-1.16-10.fc42

Civetweb is an easy to use, powerful, C (C/C++) embeddable web server with optional CGI, SSL and Lua support. CivetWeb can be used by developers as a library, to add web server functionality to an existing application. It can also be used by end users as a stand-alone web server running on a Window...

CVSS 8.7, AI score 6.9, EPSS 0.00711
Exploits 0

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2016-10447

Malware in sbrugna...

CVSS 5.3, AI score 7.2, EPSS 0.01178
Exploits 0, References 7

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2000-0508

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.01675
Exploits 0, References 5

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2001-0901

Malware in sbrugna...

CVSS 5.1, AI score 6.4, EPSS 0.01707
Exploits 0, References 4

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2012-4376

Malware in sbrugna...

CVSS 6.9, AI score 6.4, EPSS 0.00377
Exploits 0, References 4