Lucene search

30 matches found

RedhatCVE
added 2026/03/08 1:44 a.m. | 3 views

CVE-2026-25070

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...

9.8 CVSS | 6.5 AI score | 0.00293 EPSS
Exploits 0 | References 1

OSV
added 2026/03/07 1:15 a.m. | 1 views

CVE-2026-25070

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...

9.8 CVSS | 6.7 AI score
Exploits 0 | References 2

CVE
added 2026/03/07 12:20 a.m. | 8 views

CVE-2026-25070

The CVE-2026-25070 vulnerability affects XikeStor SKS8310-8X Network Switch firmware

9.8 CVSS | 6.5 AI score | 0.00293 EPSS
Exploits 0 | References 2 | Affected Software 1

CNVD
added 2026/03/02 12:0 a.m. | 1 views

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14338)

Smoothwall Express is an open source GNU/Linux-based firewall operating system from Smoothwall. A cross-site scripting vulnerability exists in Smoothwall Express. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the SRC_IP, DEST_IP, or COMMENT parameters...

6.1 CVSS | 5.9 AI score | 0.00042 EPSS
Exploits 1 | References 1

OSV
added 2026/02/16 6:19 p.m. | 3 views

CVE-2019-25386

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the SRC_IP, DEST_IP,...

6.1 CVSS | 5.9 AI score
Exploits 0 | References 3

CVE
added 2026/02/16 5:4 p.m. | 8 views

CVE-2019-25386

CVE-2019-25386 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, with multiple reflected XSS vulnerabilities in the dmzholes.cgi script. The issue allows attackers to inject arbitrary JavaScript into users’ browsers by submitting POST requests containing payloads in the SRC_IP, DEST_IP, or...

6.1 CVSS | 5.6 AI score | 0.00042 EPSS
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2026/02/16 5:4 p.m. | 22 views

CVE-2019-25386 Smoothwall Express 3.1 'dmzholes.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the SRC_IP, DEST_IP,...

6.1 CVSS | 0.00042 EPSS
Exploits 1 | References 3

CNNVD
added 2026/02/16 12:0 a.m. | 4 views

Smoothwall Express Cross-Site Scripting Vulnerability

Smoothwall Express is an open source GNU/Linux-based firewall operating system from Smoothwall. A cross-site scripting vulnerability exists in Smoothwall Express. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the SRC_IP, DEST_IP, or COMMENT parameters...

6.1 CVSS | 5.9 AI score | 0.00042 EPSS
Exploits 1 | References 3

Cvelist
added 2026/02/08 12:32 p.m. | 20 views

CVE-2026-2152 D-Link DIR-615 Web Configuration adv_routing.php os command injection

A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/submask/gw results in OS command injection. The attack may be initiated remotely. T...

8.6 CVSS | 0.03067 EPSS
Exploits 1 | References 5

CVE
added 2026/02/08 12:32 p.m. | 5 views

CVE-2026-2152

Summary: CVE-2026-2152 affects D-Link DIR-615 v4.10 (Web Configuration Interface). The vulnerability is in adv_routing.php; manipulating dest_ip, submask, or gw leads to OS command injection. It is remotely exploitable and the exploit has been publicized. Affected products are no longer maintaine...

8.6 CVSS | 6.8 AI score | 0.03067 EPSS
Exploits 1 | References 5 | Affected Software 1

OSV
added 2025/07/10 11:15 p.m. | 2 views

CVE-2025-7418

A vulnerability was found in Tenda O3V2 1.0.0.123880 and classified as critical. Affected by this issue is the function fromPingResultGet of the file /goform/setPing of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. The attack may be launched...

8.7 CVSS | 6.5 AI score
Exploits 0 | References 6

CNNVD
added 2025/07/10 12:0 a.m. | 2 views

Tenda O3V2 Security Vulnerability

Tenda O3V2 is an outdoor wireless bridge from Tenda, China. The Tenda O3V2 suffers from a buffer overflow vulnerability, which originates from the failure of the parameter destIP in the file /goform/setPing to correctly validate the length and size of the input data, which can be exploited by an...

9 CVSS | 8.2 AI score | 0.01566 EPSS
Exploits 1 | References 7

GithubExploit
added 2024/08/28 8:57 a.m. | 263 views

Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft

IPv6 Vulnerability Packet Sender for Memory Corruption CVE-...

9.8 CVSS | 7.7 AI score | 0.89413 EPSS
Exploits 24

Github Security Blog
added 2022/03/03 7:2 p.m. | 32 views

Twisted SSH client and server deny of service during SSH handshake.

Impact The Twisted SSH client and server implementation naively accepted an infinite amount of data for the peer's SSH version identifier. A malicious peer can trivially craft a request that uses all available memory and crash the server, resulting in denial of service. The attack is as simple as...

7.5 CVSS | 0.2 AI score | 0.0367 EPSS
Exploits 1 | References 15 | Affected Software 1

Citrix
added 2021/12/22 12:0 a.m. | 5 views

Vpn Plugin replacing destination IP with 0.0.0.0 for the 172.16.0.0/16 subnet - Spoofed IP to original IP.

ADC - While using VPN Plugin to access intranet resources, addresses for the subnet 172.16.0.0/16 are replaced by spoofed IP with a message similar to this: "Replaced the spoofed ip 172.16.10.10to original IP 0.0.0.0 in ICMP packet" And the traffic never reaches the destination...

7 AI score
Exploits 0

VulnCheck KEV
added 2021/11/11 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2020-8958

Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the boaform/admin/formPing Dest IP Address field...

9 CVSS | 7.3 AI score | 0.83867 EPSS
Exploits 4 | References 1

VulnCheck KEV
added 2019/06/13 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2018-15887

MainAnalysisContent.asp in ASUS DSL-N12EC1 1.1.2.3345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request...

8.8 CVSS | 7.6 AI score | 0.07148 EPSS
Exploits 1 | References 1

FreeBSD
added 2019/05/14 12:0 a.m. | 31 views

FreeBSD -- ICMP/ICMP6 packet filter bypass in pf

Problem Description: States in pf(4) let ICMP and ICMP6 packets pass if they have a packet in their payload matching an existing condition. pf(4) does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet. Impact: A maliciously crafted...

7.5 CVSS | 1.2 AI score | 0.02334 EPSS
Exploits 1

Packet Storm
added 2018/05/24 12:0 a.m. | 26 views

Honeywell Scada System Information Disclosure

Exploit Title: Honeywell Scada System - Information Disclosure Date: 2018-05-23 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.honeywell.com Version: WebVersion : 3.2.1.294365 - DeviceType : IPC-HFW2320R-ZS Tested on: Linux To be written after the destination IP address...

7.4 AI score
Exploits 0

NVD
added 2016/08/25 9:59 p.m. | 10 views

CVE-2016-5673

UltraVNC Repeater before 1300 does not restrict destination IP addresses or TCP ports, which allows remote attackers to obtain open-proxy functionality by using a :: substring in between the IP address and port number...

7.5 CVSS | 7.5 AI score | 0.01374 EPSS
Exploits 0 | References 3