
17 matches found

EUVD
added 2026/04/16 8:45 p.m. | 2 views

EUVD-2026-23108

ApostropheCMS: Information Disclosure via choices/counts Query Parameters Bypassing publicApiProjection Field Restrictions...

CVSS 5.3 | AI score 5.8 | EPSS 0.00031
Exploits: 1 | References: 3
CVE
added 2026/04/15 7:38 p.m. | 6 views

CVE-2026-39857

CVE-2026-39857 – ApostropheCMS (Node.js): Versions 4.28.0 and earlier contain an authorization bypass in the REST API (choices and counts query parameters) where MongoDB distinct() is used in a way that ignores publicApiProjection restrictions. This allows an unauthenticated attacker to retrieve...

CVSS 5.3 | AI score 5.8 | EPSS 0.00031
Exploits: 1 | References: 2 | Affected Software: 1
RedhatCVE
added 2025/10/08 2:13 p.m. | 2 views

CVE-2025-54400

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This...

CVSS 8.8 | AI score 7.5 | EPSS 0.00077
Exploits: 1 | References: 1
RedhatCVE
added 2025/10/08 2:13 p.m. | 3 views

CVE-2025-54406

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command...

CVSS 8.8 | AI score 7.9 | EPSS 0.00481
Exploits: 1 | References: 1
NVD
added 2025/10/07 2:15 p.m. | 4 views

CVE-2025-54406

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command...

CVSS 8.8 | EPSS 0.00481
Exploits: 1 | References: 2
OSV
added 2025/10/07 2:15 p.m. | 2 views

CVE-2025-54406

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command...

CVSS 8.8 | AI score 6
Exploits: 0 | References: 2
OSV
added 2025/10/07 2:15 p.m. | 3 views

CVE-2025-54400

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This...

CVSS 8.8 | AI score 6.5
Exploits: 0 | References: 2
NVD
added 2025/10/07 2:15 p.m. | 2 views

CVE-2025-54400

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This...

CVSS 8.8 | EPSS 0.00077
Exploits: 1 | References: 2
EUVD
added 2025/10/07 1:55 p.m. | 3 views

EUVD-2025-32861

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This...

CVSS 8.8 | AI score 7 | EPSS 0.00077
Exploits: 1 | References: 2
CVE
added 2025/10/07 1:55 p.m. | 2 views

CVE-2025-54400

Planet WGR-500 v1.3411b190912 contains multiple stack-based buffer overflow vulnerabilities in the formPingCmd function. The code builds a ping command using three inputs (ipaddr, counts, submit-url) and writes into 100-byte ping_command, 260-byte buffer_260, and 32-byte buffer_32 without proper ...

CVSS 8.8 | AI score 7.2 | EPSS 0.00077
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2025/10/07 1:55 p.m. | 5 views

CVE-2025-54400

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This...

CVSS 8.8 | EPSS 0.00077
Exploits: 1 | References: 1
EUVD
added 2025/10/07 1:55 p.m. | 3 views

EUVD-2025-32863

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command...

CVSS 8.8 | AI score 7.3 | EPSS 0.00481
Exploits: 1 | References: 2
CVE
added 2025/10/07 1:55 p.m. | 4 views

CVE-2025-54406

Planet WGR-500 v1.3411b190912 contains OS command injection flaws in the web server’s formPingCmd function. The vulnerability arises from unsafely using request parameters, notably counts, to compose a shell command (ping -c ) which is then executed via system(). Talos confirms multiple vulnera...

CVSS 8.8 | AI score 7.5 | EPSS 0.00481
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2025/10/07 1:55 p.m. | 5 views

CVE-2025-54406

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command...

CVSS 8.8 | EPSS 0.00481
Exploits: 1 | References: 1
Positive Technologies
added 2025/10/07 12:0 a.m. | 3 views

PT-2025-41007

Name of the Vulnerable Software and Affected Versions: Planet WGR-500 version 1.3411b190912. Description: Several OS command injection flaws are present in the formPingCmd functionality. An attacker can execute arbitrary commands by sending a crafted series of HTTP requests. The counts request...

CVSS 8.8 | AI score 7.7 | EPSS 0.00481
Exploits: 1 | References: 4
CNNVD
added 2025/10/07 12:0 a.m. | 2 views

Planet WGR-500 Security Vulnerability

The Planet WGR-500 is a WiFi router from Planet in Taiwan, China. A security vulnerability exists in the Planet WGR-500 v1.3411b190912 version, which stems from improper manipulation of the counts request parameter, which could lead to arbitrary command execution...

CVSS 8.8 | AI score 6.8 | EPSS 0.00481
Exploits: 1 | References: 1
Positive Technologies
added 2025/10/07 12:0 a.m. | 2 views

PT-2025-41001

Name of the Vulnerable Software and Affected Versions: Planet WGR-500 version 1.3411b190912. Description: Several stack-based buffer overflow issues are present in the formPingCmd functionality. An attacker can exploit these by sending specially crafted HTTP requests. The buffer overflow is related ...

CVSS 8.8 | AI score 7 | EPSS 0.00077
Exploits: 1 | References: 6