CVE-2025-60697

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvramsafeset. These values are later retrieved in th...

CVE-2025-34318 IPFire < v2.29 Stored XSS via DNS Creation (proxy.cgi)

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLSHOSTNAME, UPSTREAMUSER, UPSTREAMPASSWORD, ADMINMAILADDRESS, and ADMINPASSWORD parameters when adding a new...

EUVD-2014-3887

Malware in sbrugna...

EUVD-2025-18262

Malicious code in bioql PyPI...

EUVD-2022-47150

Malicious code in bioql PyPI...

CVE-2025-45987

Blink routers BL-WR9000 V2.4.9 , BL-AC2100AZ3 V1.0.4, BL-X10AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200AT1 v1.0.0, BL-X26AC8 v1.2.8, BLAC450MAE4 v4.0.0 and BL-X26DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the dns1 and dns2 parameters in the bsSetDNSInfo...

CVE-2025-45987

Blink routers BL-WR9000 V2.4.9 , BL-AC2100AZ3 V1.0.4, BL-X10AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200AT1 v1.0.0, BL-X26AC8 v1.2.8, BLAC450MAE4 v4.0.0 and BL-X26DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the dns1 and dns2 parameters in the bsSetDNSInfo...

CVE-2025-45987

Blink routers BL-WR9000 V2.4.9 , BL-AC2100AZ3 V1.0.4, BL-X10AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200AT1 v1.0.0, BL-X26AC8 v1.2.8, BLAC450MAE4 v4.0.0 and BL-X26DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the dns1 and dns2 parameters in the bsSetDNSInfo...

LB-LINK多款产品 安全漏洞

LB-LINK BL-X26 and others are products of China Bilink LB-LINK.LB-LINK BL-X26 is a wireless router.LB-LINK BL-LTE300 is a wireless router.LB-LINK BL-AC2100 is a wireless Wi-Fi 6 router. A security vulnerability exists in several LB-LINK products, which stems from a command injection in the dns1 a...

CVE-2025-45987

Blink routers BL-WR9000 V2.4.9 , BL-AC2100AZ3 V1.0.4, BL-X10AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200AT1 v1.0.0, BL-X26AC8 v1.2.8, BLAC450MAE4 v4.0.0 and BL-X26DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the dns1 and dns2 parameters in the bsSetDNSInfo...

CVE-2025-45987

This CVE affects Blink router models: BL-WR9000 (v2.4.9), BL-AC2100 AZ3 (v1.0.4), BL-X10 AC8 (v1.0.5), BL-LTE300 (v1.2.3), BL-F1200 AT1 (v1.0.0), BL-X26 AC8 (v1.2.8), BLAC450M AE4 (v4.0.0), and BL-X26 DA3 (v1.2.7). The issue is multiple command injection in the bs_SetDNSInfo function via dns1 and...

CVE-2022-24144

Tenda AX3 v16.03.12.10CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters...

CVE-2019-20082

ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long landns1x or landns2x parameter to AdvancedLANContent.asp...

CVE-2022-44200

Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamodedns1pri and stamodedns1sec...

CVE-2022-44194

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmodedns1pri and apmodedns1sec...

CVE-2022-44200

Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamodedns1pri and stamodedns1sec...

CVE-2022-27002

Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddnsname, ddnspwd, hddns、ddnshost parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2019-20082

ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long landns1x or landns2x parameter to AdvancedLANContent.asp...

FreeBSD : FreeBSD -- rtsold(8) remote buffer overflow vulnerability (72ee7111-6007-11e6-a6c3-14dae9d210b8)

Due to a missing length check in the code that handles DNS parameters, a malformed router advertisement message can result in a stack buffer overflow in rtsold8. Impact : Receipt of a router advertisement message with a malformed DNSSL option, for instance from a compromised host on the same...

CVE-2014-3954

Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message...