5908 matches found
VulnCheck KEV: CVE-2024-40890
Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request...
TOTOLINK A810R Command Injection Vulnerability (CNVD-2025-02379)
The TOTOLink A810R is a wireless dual-band router from China's TotoLink. The TOTOLINK A810R suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands by sending HTTP requests...
The vulnerability of the sdnproxy module of the FortiAnalyzer security monitoring and event analysis tool, as well as the FortiManager device management software, allows a perpetrator to execute arbitrary code and gain increased privileges.
The vulnerability of the sdnproxy module of the FortiAnalyzer security monitoring and event analysis tool, as well as the FortiManager device management software, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to...
CVE-2022-23439
An externally controlled reference to a resource in another sphere vulnerability in Fortinet allows an attacker to poison web caches via crafted HTTP requests, where the Host header points to an arbitrary webserver...
CVE-2022-23439
CVE-2022-23439 describes an externally controlled reference to a resource in another sphere vulnerability in Fortinet products that enables an attacker to poison web caches via crafted HTTP requests using the Host header. The core issue is the Host header pointing to an arbitrary webserver, enabl...
The vulnerability in the downloadFile.cgi function of the Totolink-A810R router firmware allows an attacker to execute arbitrary code.
The vulnerability in the downloadFile.cgi function of the Totolink-A810R router firmware is related to the lack of measures to neutralize special elements in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a...
CVE-2024-45091
IBM UrbanCode Deploy UCD 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs...
ROS-20250121-06
A vulnerability in the Tornado asynchronous network library is related to the fact that the application does not control internal resource consumption properly when parsing HTTP cookies. Exploitation of the vulnerability could...
PT-2025-4259 · Oracle · Peoplesoft Enterprise Fin Cash Management
Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise FIN Cash Management version 9.2 Description: The issue is related to weaknesses in the authorization mechanism of the Cash Management component in PeopleSoft Enterprise FIN Cash Management. This can be exploited by a...
CVE-2025-24013
CodeIgniter (PHP full-stack framework) has a header validation issue prior to version 4.5.8 in the Header class, allowing construction of deliberately malformed HTTP headers. This could disrupt application functionality and potentially produce invalid HTTP requests; in some cases, remote service ...
The vulnerability in the Node.js WebSocket module of the FortiOS operating system and FortiProxy proxy servers allows attackers to elevate privileges to the "super-admin" level.
The vulnerability in the Node.js WebSocket module of the FortiOS operating system and FortiProxy proxy servers relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to elevate their privileges to "super-admi...
CVE-2024-39802
Multiple buffer overflow vulnerabilities exist in the qos.cgi qossettings functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A buffer...
CVE-2024-39770
Multiple buffer overflow vulnerabilities exist in the internet.cgi setqos functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. This...
CVE-2024-39294
A buffer overflow vulnerability exists in the adm.cgi setwzdgw4G functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-34166
An OS command injection vulnerability exists in the touchlistsync.cgi touchlistsync functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2024-34166
CVE-2024-34166 affects Wavlink AC3000 M33A8.V5030.210505. The vulnerability is an OS command injection in the touchlist_sync.cgi touchlistsync() function, exploited by a specially crafted HTTP request to trigger arbitrary code execution. Cisco Talos (TALOS-2024-2000) documents a high/severe impac...