15 matches found
CVE-2026-9348
A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vulnerability is an unknown functionality of the file /goform/mp of the component webs. The manipulation of the argument webs results in stack-based buffer overflow. It is possible to launch the attack remotely. The explo...
CVE-2026-9344
A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The impacted element is an unknown function of the file /goform/formWpsStart of the component webs. Such manipulation of the argument pinCode/wlan-url leads to stack-based buffer overflow. The attack can be executed...
CVE-2026-7608 TRENDnet TEW-821DAP tools_diagnostic os command injection
A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function toolsdiagnostic. The manipulation results in os command injection. The exploit is now public and may be used. The vendor explains: "That firmware version will only work on our hardware version...
CVE-2025-34518
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...
CVE-2025-34515
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in syncproject.sh that allows an attacker to escalate privileges to root. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...
CVE-2025-34515 Ilevia EVE X1 Server 4.7.18.0.eden Root Privilege Escalation
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in syncproject.sh that allows an attacker to escalate privileges to root. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...
CVE-2025-11635 Tomofun Furbo 360 File Upload resource consumption
A weakness has been identified in Tomofun Furbo 360 up to FB0035FW036. This vulnerability affects unknown code of the component File Upload. This manipulation causes resource consumption. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did n...
SUSE CVE-2024-26623
In the Linux kernel, the following vulnerability has been resolved: pdscore: Prevent race issues involving the adminq There are multiple paths that can result in using the pdsc's adminq. 1 pdscadminqisr and the resulting work from queuework, i.e. pdscworkthread-pdscprocessadminq 2 pdscadminqpost...
DEBIAN-CVE-2024-26623
In the Linux kernel, the following vulnerability has been resolved: pdscore: Prevent race issues involving the adminq There are multiple paths that can result in using the pdsc's adminq. 1 pdscadminqisr and the resulting work from queuework, i.e. pdscworkthread-pdscprocessadminq 2 pdscadminqpost...
UBUNTU-CVE-2024-26623
In the Linux kernel, the following vulnerability has been resolved: pdscore: Prevent race issues involving the adminq There are multiple paths that can result in using the pdsc's adminq. 1 pdscadminqisr and the resulting work from queuework, i.e. pdscworkthread-pdscprocessadminq 2 pdscadminqpost...
CVE-2020-5534
Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors...
CVE-2019-3416
All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to control the user terminal system...
CVE-2019-13407
A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly...
CVE-2016-7825
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands...
CVE-2017-6334
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the hostname field of an HTTP POST request, a different vulnerability than CVE-2017-6077...