36 matches found
CVE-2018-19987
D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B0101i3seBETA, and DIR-890L Rev.A 1.21B02BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint...
EUVD-2021-1932
Malware in sbrugna...
EUVD-2021-1073
Malware in sbrugna...
EUVD-2020-9321
Malware in sbrugna...
EUVD-2023-28214
Malicious code in bioql PyPI...
EUVD-2024-1595
Malicious code in bioql PyPI...
EUVD-2024-47046
Malicious code in bioql PyPI...
EUVD-2023-55180
Malicious code in bioql PyPI...
EUVD-2022-43753
Malicious code in bioql PyPI...
EUVD-2022-3489
Malicious code in bioql PyPI...
EUVD-2023-26888
Malicious code in bioql PyPI...
EUVD-2023-30292
Malicious code in bioql PyPI...
EUVD-2022-2887
Malicious code in bioql PyPI...
(Pwn2Own) QNAP QHora-322 tar Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of parameters provided to the tar executable. The issue...
CVE-2025-52994
The CVE-2025-52994 entry describes an OS Command Injection in phpThumb prior to version 1.7.24, caused by gif_outputAsJpeg in phpthumb.gif.php when given a crafted parameter. Affected versions include 1.7.23 and earlier; the issue is fixed in 1.7.23-202506081709, with advisories indicating upgrad...
CVE-2025-34099 VICIdial vicidial_sales_viewer.php Unauthenticated Command Injection via Basic Auth Password
An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidial_sales_viewer.php component when password encryption is enabled (a non-default configuration). The application improperly passes the HTTP Basic Authentication password directly ...
CVE-2025-7081
A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this vulnerability is the function formSetWanStatic of the file /goform/formSetWanStatic of the component webs. The manipulation of the argument...
CVE-2025-32918
Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions 2.4.0p6, 2.3.0p35, 2.2.0p44, and 2.1.0 EOL allows an authenticated user to inject arbitrary Livestatus commands...
CVE-2025-34082
A command injection vulnerability exists in IGEL OS versions prior to 11.04.270 within the Secure Terminal and Secure Shadow services. The flaw arises due to improper input sanitization in the handling of specially crafted PROXYCMD commands on TCP ports 30022 and 5900. An unauthenticated attacker...
CVE-2025-6897
A vulnerability classified as critical was found in D-Link DI-7300G+ 19.12.25A1. Affected by this vulnerability is an unknown functionality of the file httpddebug.asp. The manipulation of the argument Time leads to os command injection. The exploit has been disclosed to the public and may be used...