Lucene search
K

953 matches found

Cvelist
Cvelist
added 2025/05/01 12:0 a.m.11 views

CVE-2025-44854

TOTOLINK CP900 V6.3c.1144B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

0.00884EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/01 12:0 a.m.7 views

CVE-2025-44838

TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

8.8AI score0.00884EPSS
Exploits1References1
CVE
CVE
added 2025/05/01 12:0 a.m.65 views

CVE-2025-44854

CVE-2025-44854 affects TOTOLINK CP900 (V6.3c.1144_B20190715). The vulnerability exists in the setUpgradeUboot function via the FileName parameter, enabling command injection and potential arbitrary command execution. Multiple connected sources corroborate the issue and link it to a vulnerable CP9...

6.3CVSS6.9AI score0.00884EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/01 12:0 a.m.7 views

CVE-2025-44854

TOTOLINK CP900 V6.3c.1144B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

8.4AI score0.00884EPSS
Exploits1References1
CVE
CVE
added 2025/05/01 12:0 a.m.63 views

CVE-2025-44844

TOTOLINK CA600-PoE (V5.3c.6665_B20180820) has a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This could allow an attacker to execute arbitrary commands on the device. PT-2025-18665 provides a mitigation suggesting disabling the setUpgradeFW function and...

6.5CVSS7.9AI score0.00903EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/04/29 12:15 p.m.4 views

CVE-2025-4059

A vulnerability classified as critical was found in code-projects Prison Management System 1.0. This vulnerability affects the function addrecord of the component PrisonMgmtSys. The manipulation of the argument filename leads to stack-based buffer overflow. An attack has to be approached locally...

7.8CVSS5.8AI score0.00288EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/04/29 12:0 a.m.6 views

Code-Projects Prison Management System 安全漏洞

Code-Projects Prison Management System is an open source prison management system from Code-Projects. A security vulnerability exists in Code-Projects Prison Management System version 1.0, which stems from an improper manipulation of the parameter filename in the addrecord function of the...

7.8CVSS5.8AI score0.00288EPSS
Exploits1References5
OSV
OSV
added 2025/04/22 6:15 p.m.5 views

CVE-2025-28039

TOTOLINK EX1200T V4.1.2cu.5232B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter...

9.8CVSS5.9AI score0.00919EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/22 12:0 a.m.4 views

TOTOLINK EX1200T 安全漏洞

The TOTOLINK EX1200T is a dual-band wireless signal amplifier that is primarily used to extend the coverage of an existing wireless network. A code execution vulnerability exists in the TOTOLINK EX1200T. The vulnerability stems from the FileName parameter in the setUpgradeFW function for...

9.8CVSS8.4AI score0.00919EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2025/04/19 12:0 a.m.2 views

VulnCheck KEV: CVE-2022-28912

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW...

10CVSS7.3AI score0.02492EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.5 views

PT-2025-17012 · Wpcafe · Wpcafe

Name of the Vulnerable Software and Affected Versions: WPCafe versions 2.2.32 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This is a...

7.5CVSS8.2AI score0.00628EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/04/09 12:0 a.m.6 views

The vulnerability of the `setUpgradeFW` function in TOTOLINK CP450 router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the setUpgradeFW function in TOTOLINK CP450 router microprogramming software is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the FileName parameter...

10CVSS5.9AI score0.019EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/03/03 6:15 p.m.4 views

CVE-2023-49031

Directory Traversal Local File Inclusion vulnerability in Tikit now Advanced eMarketing platform 6.8.3.0 allows a remote attacker to read arbitrary files and obtain sensitive information via a crafted payload to the filename parameter to the OpenLogFile endpoint...

5.1CVSS7.4AI score0.00733EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/14 12:19 a.m.11 views

CVE-2024-35401

TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...

5.9CVSS7.9AI score0.00688EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/02/10 6:50 p.m.10 views

CVE-2024-8550 Local File Inclusion (LFI) in modelscope/agentscope

A Local File Inclusion LFI vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue aris...

7.5CVSS7.4AI score0.0048EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/06 4:12 a.m.11 views

CVE-2021-40680

There is a Directory Traversal vulnerability in Artica Proxy 4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273 via the filename parameter to /cgi-bin/main.cgi...

8.1CVSS6.7AI score0.01262EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/01/30 5:44 p.m.5 views

WordPress System Dashboard plugin <= 2.8.17 - Reflected Cross-Site Scripting via Filename Parameter vulnerability

Reflected Cross-Site Scripting via Filename Parameter vulnerability discovered by vgo0 in WordPress Plugin System Dashboard versions = 2.8.17...

6.1CVSS6.3AI score0.00385EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/01/30 2:15 p.m.2 views

CVE-2024-12299

The System Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Filename parameter in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS7.4AI score0.00385EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/30 1:42 p.m.35 views

CVE-2024-12299 System Dashboard <= 2.8.17 - Reflected Cross-Site Scripting via Filename Parameter

The System Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Filename parameter in all versions up to, and including, 2.8.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS0.00385EPSS
Exploits0References3
CVE
CVE
added 2025/01/30 1:42 p.m.50 views

CVE-2024-12299

CVE-2024-12299 (WordPress System Dashboard plugin) : Affected plugin versions

6.1CVSS7.4AI score0.00385EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder