Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

32 matches found

RedhatCVE
RedhatCVEadded 2026/01/09 8:33 a.m.2 views

CVE-2024-39280

An external config control vulnerability exists in the nas.cgi setsmbcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS7AI score0.0585EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/01/09 8:32 a.m.5 views

CVE-2024-39800

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

9.1CVSS7.4AI score0.00353EPSS
Exploits1References1
Hacker One
Hacker Oneadded 2025/11/10 3:55 p.m.14 views

curl: Arbitrary Configuration File Inclusion: via External Control of File Name or Path

Summary: The Arbitrary Configuration File Inclusion ACFI vulnerability was identified in the curl utility via the --config option. This flaw is a form of External Control of File Name or Path CWE-73, occurring due to the lack of adequate validation on the user-supplied configuration file path. An...

7.1AI score
Exploits0
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2024-38344

Malicious code in bioql PyPI...

9.1CVSS8.6AI score0.00353EPSS
Exploits1References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2024-38383

Malicious code in bioql PyPI...

9.1CVSS8.5AI score0.00045EPSS
Exploits1References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2024-38391

Malicious code in bioql PyPI...

9.1CVSS9AI score0.00404EPSS
Exploits1References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2024-38374

Malicious code in bioql PyPI...

9.1CVSS9AI score0.0585EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/02/05 8:59 a.m.3 views

CVE-2024-38666

An external config control vulnerability exists in the openvpn.cgi openvpnclientsetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS7AI score0.0585EPSS
Exploits1
OSV
OSVadded 2025/01/14 3:15 p.m.1 views

CVE-2024-39798

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

7.2CVSS7.5AI score
Exploits0References2
OSV
OSVadded 2025/01/14 3:15 p.m.2 views

CVE-2024-39602

An external config control vulnerability exists in the nas.cgi setnas functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS7.4AI score
Exploits0References2
OSV
OSVadded 2025/01/14 3:15 p.m.0 views

CVE-2024-38666

An external config control vulnerability exists in the openvpn.cgi openvpnclientsetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS7.4AI score0.0585EPSS
Exploits1References2
CVE
CVEadded 2025/01/14 2:21 p.m.51 views

CVE-2024-39602

CVE-2024-39602 affects WAVLINK AC3000 M33A8.V5030.210505. The vulnerability is in nas.cgi set_nas(), where insufficient input handling allows an authenticated HTTP request to trigger arbitrary command execution via the set_nas flow (external config control). TALOS CVE details indicate a high-seve...

9.1CVSS7.1AI score0.00404EPSS
Exploits1References2Affected Software1
CVE
CVEadded 2025/01/14 2:21 p.m.44 views

CVE-2024-38666

Cisco Talos reports CVE-2024-38666 affects Wavlink AC3000 M33A8.V5030.210505, where openvpn.cgi openvpn_client_setup() accepts POST data to write into /vendor/openvpn/client/client.ovpn, enabling arbitrary command execution when vpn_type=client and ovpn_text is provided. A specially crafted authe...

9.1CVSS7.1AI score0.0585EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2025/01/14 2:21 p.m.4 views

CVE-2024-39602

An external config control vulnerability exists in the nas.cgi setnas functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS9.3AI score0.00404EPSS
Exploits1References1
Cvelist
Cvelistadded 2025/01/14 2:21 p.m.5 views

CVE-2024-38666

An external config control vulnerability exists in the openvpn.cgi openvpnclientsetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS0.0585EPSS
Exploits1References1
CVE
CVEadded 2025/01/14 2:21 p.m.38 views

CVE-2024-39795

CVE-2024-39795 affects WAVLINK AC3000 (nas.cgi set_nas() proftpd) with multiple external configuration control vulnerabilities. TALOS details unauthenticated? actually requires a valid session to trigger via HTTP and shows how FTP settings (ftp_name, ftp_port, ftp_max_sessions, ftp_adddir, etc.) ...

9.1CVSS7.2AI score0.00045EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2025/01/14 2:21 p.m.11 views

CVE-2024-39794

Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...

9.1CVSS0.00047EPSS
Exploits1References1
Cvelist
Cvelistadded 2025/01/14 2:20 p.m.7 views

CVE-2024-39793

Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...

9.1CVSS0.00045EPSS
Exploits1References1
Cvelist
Cvelistadded 2025/01/14 2:20 p.m.9 views

CVE-2024-39790

Multiple external config control vulnerabilities exist in the nas.cgi setftpcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration...

9.1CVSS0.00045EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2025/01/14 2:20 p.m.4 views

CVE-2024-39280

An external config control vulnerability exists in the nas.cgi setsmbcfg functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS9.3AI score0.0585EPSS
Exploits1References1
Rows per page
Query Builder