CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

50 matches found

Vulnrichment•added 2026/03/26 4:5 a.m.•2 views

CVE-2026-4840 Netcore Power 15AX Diagnostic Tool netis.cgi setTools os command injection

A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affected by this issue is the function setTools of the file /bin/netis.cgi of the component Diagnostic Tool Interface. Performing a manipulation of the argument IpAddr results in os command injection. Remote exploitation ...

9CVSS6.8AI score0.00218EPSS

Exploits0References4

EUVD•added 2026/03/08 6:31 a.m.•1 views

EUVD-2026-10211

A flaw has been found in Wavlink NU516U1 251208. This affects the function sub401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exploit has been published and may be used. Upgrading...

10CVSS5.5AI score0.00295EPSS

Exploits1References7

OSV•added 2026/03/08 5:16 a.m.•1 views

CVE-2026-3703

9.8CVSS5.5AI score0.00295EPSS

Exploits1References6

NVD•added 2026/03/08 5:16 a.m.•3 views

CVE-2026-3703

10CVSS0.00295EPSS

Exploits1References6

ATTACKERKB•added 2026/03/08 4:32 a.m.•2 views

CVE-2026-3703

10CVSS7AI score0.00295EPSS

Exploits1References6Affected Software1

CVE•added 2026/03/06 1:2 a.m.•11 views

CVE-2026-3613

The CVE describes a stack-based buffer overflow in Wavlink WL-NU516U1 (firmware v240425) via the function sub_401A0C in /cgi-bin/login.cgi, caused by manipulation of the ipaddr argument. This allows a remote attacker to exploit a vulnerability with a publicly available exploit, potentially impact...

8.6CVSS6.4AI score0.00145EPSS

Exploits1References4Affected Software1

CNNVD•added 2026/03/06 12:0 a.m.•2 views

WAVLINK WL-NU516U1 安全漏洞

The WAVLINK WL-NU516U1 is a wireless print server developed by WAVLINK Corporation. The Wavlink WL-NU516U1 V240425 version contains a security vulnerability. This vulnerability stems from incorrect handling of the parameter ipaddr in the file/cgi-bin/login.cgi, which may lead to a stack buffer...

8.6CVSS7.4AI score0.00145EPSS

Exploits1References4

CNVD•added 2026/02/11 12:0 a.m.•0 views

TOTOLINK WA300 OS Command Injection Vulnerability

TOTOLINK WA300 is a wireless access point from China Gion Electronics TOTOLINK. The TOTOLINK WA300 suffers from an operating system command injection vulnerability that originates from the parameter Ipaddr in the file /cgi-bin/cstecgi.cgi failing to correctly filter constructed command special...

8.8CVSS6.7AI score0.00408EPSS

Exploits1References1

RedhatCVE•added 2026/02/09 7:23 p.m.•4 views

CVE-2026-2167

A vulnerability was detected in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed from remote. The exploit is now public and m...

8.8CVSS5.3AI score0.00408EPSS

Exploits1References1

NVD•added 2026/02/08 5:15 p.m.•3 views

CVE-2026-2167

8.8CVSS0.00408EPSS

Exploits1References5

ATTACKERKB•added 2026/02/08 5:2 p.m.•6 views

CVE-2026-2167

6.5CVSS6.4AI score0.00408EPSS

Exploits1References5Affected Software1

CNNVD•added 2026/02/08 12:0 a.m.•3 views

TOTOLINK WA300 操作系统命令注入漏洞

8.8CVSS6.7AI score0.00408EPSS

Exploits1References6

CNNVD•added 2026/01/27 12:0 a.m.•1 views

D-Link DIR-615 Operating System Command Injection

The D-Link DIR-615 is a wireless router produced by D-Link Corporation. Versions of D-Link DIR-615 prior to 4.10 contained a vulnerability related to operating system command injection. This vulnerability stemmed from incorrect operations on the parameter ipaddr in the component Web Management...

8.6CVSS7AI score0.00561EPSS

Exploits1References5

Vulnrichment•added 2026/01/26 11:32 p.m.•2 views

CVE-2026-1448 D-Link DIR-615 Web Management wiz_policy_3_machine.php os command injection

A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wizpolicy3machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotel...

8.6CVSS5.6AI score0.00561EPSS

Exploits1References5

Positive Technologies•added 2026/01/26 12:0 a.m.•3 views

PT-2026-4835

Name of the Vulnerable Software and Affected Versions D-Link DIR-615 versions up to 4.10 Description A flaw exists in the Web Management Interface component of D-Link DIR-615. Specifically, a manipulation of the ipaddr argument in the /wiz policy 3 machine.php file can lead to os command injectio...

8.6CVSS7AI score0.00561EPSS

Exploits1References11

RedhatCVE•added 2025/10/08 2:14 p.m.•1 views

CVE-2025-54399

Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...

8.8CVSS7.5AI score0.00077EPSS

Exploits1References1

RedhatCVE•added 2025/10/08 2:13 p.m.•2 views

CVE-2025-54405

Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command...

8.8CVSS7.9AI score0.00481EPSS

Exploits1References1

NVD•added 2025/10/07 2:15 p.m.•3 views

CVE-2025-54405

8.8CVSS0.00481EPSS

Exploits1References2

OSV•added 2025/10/07 2:15 p.m.•1 views

CVE-2025-54399

8.8CVSS6.3AI score0.00077EPSS

Exploits1References2

Vulnrichment•added 2025/10/07 1:55 p.m.•1 views

CVE-2025-54399