EUVD-2025-8561

Malicious code in bioql PyPI...

EUVD-2025-8555

Malicious code in bioql PyPI...

CVE-2025-27567

Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from t...

CVE-2024-21865

HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell...

CVE-2024-28041

HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command...

CVE-2025-27932

Improper limitation of a pathname to a restricted directory 'Path Traversal' issue exists in the file deletion process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an attacker may delete a file on the device or cause a...

CVE-2025-27718

Improper limitation of a pathname to a restricted directory 'Path Traversal' issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered or...

CVE-2025-27574

Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only...

CVE-2025-27574

Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only...

CVE-2025-27574

CVE-2025-27574: A stored cross-site scripting (XSS) flaw in the USB storage file-sharing function affects HGW-BL1500HM versions 002.002.003 and earlier. Exploitation could cause arbitrary script execution in the web browser of the user interfacing with the configuration page or LAN-accessible UI....

CVE-2025-27567

Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from t...

CVE-2025-27567

Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from t...

CVE-2025-27567

HGW-BL1500HM (KDDI) contains a stored cross-site scripting (CWE-79) vulnerability in the NickName registration screen for Ver 002.002.003 and earlier. If exploited, an arbitrary script may be executed in the web browser of the user using the configuration page or functions accessible from the LAN...

KDDI HGW BL1500HM 路径遍历漏洞

The KDDI HGW BL1500HM is a home router from KDDI Japan. A path traversal vulnerability exists in KDDI HGW BL1500HM 002.002.003 and earlier versions, which stems from path traversal in the USB storage file sharing feature and could lead to the acquisition or modification of files...

Multiple vulnerabilities in home gateway HGW-BL1500HM

Overview Home gateway HGW-BL1500HM provided by KDDI CORPORATION contains multiple vulnerabilities listed below. Stored cross-site scripting in the NickName registration screen CWE-79 - CVE-2025-27567 Stored cross-site scripting in the USB storage file-sharing function CWE-79 - CVE-2025-27574 Path...

CVE-2024-29071

HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings...

CVE-2024-21865

HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell...

CVE-2024-21865

The HGW BL1500HM router (firmware 002.001.013 and earlier) is affected by CVE-2024-21865 due to use of weak credentials. An adjacent unauthenticated attacker can connect via SSH and obtain a shell. Remediation: update firmware to 002.001.019 (per JVN RedHat/RH entries). The impact is limited to c...

CVE-2024-29071

CVE-2024-29071 affects HGW BL1500HM (ver. ≤002.001.013). The issue is use of weak credentials allowing a network-adjacent, unauthenticated attacker to change system settings. JVN detects multiple vulnerabilities in the same device family and notes the vendor fixed these issues in 002.001.019; Red...

CVE-2024-29071

HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings...