Lucene search
K

191 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-4391

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.10113EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-23279

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00252EPSS
Exploits0References2
NVD
NVD
added 2025/09/22 7:15 p.m.5 views

CVE-2025-57685

The LB-Link routers, including the BL-AC2100AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000AE4 v2.4.9, BL-AC1900AZ2 v1.0.2, BL-X26AC8 v1.2.8, and BL-LTE300DA4 V1.2.3 models, are vulnerable to unauthorized command injection. Attackers can exploit this vulnerability by accessing the /goform/setserialcfg...

8.8CVSS0.01205EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.8 views

PT-2025-39007

The LB-Link routers, including the BL-AC2100 AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000 AE4 v2.4.9, BL-AC1900 AZ2 v1.0.2, BL-X26 AC8 v1.2.8, and BL-LTE300 DA4 V1.2.3 models, are vulnerable to unauthorized command injection. Attackers can exploit this vulnerability by accessing the /goform/set serial...

7.4AI score0.01205EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.6 views

LB-LINK BL-AC2100 安全漏洞

LB-LINK BL-AC2100 is a wireless Wi-Fi 6 router from China Bilink LB-LINK. A security vulnerability exists in LB-LINK BL-AC2100 1.0.3 and earlier versions, which originates from the improper handling of parameter Type in the delshrpath function of the /goform/setdelshrpathcfg file in the Web...

9CVSS8.9AI score0.03717EPSS
Exploits1References5
CVE
CVE
added 2025/09/22 12:0 a.m.16 views

CVE-2025-57685

The CVE-2025-57685 issue affects LB-Link routers including BL-AC2100_AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000_AE4 v2.4.9, BL-AC1900_AZ2 v1.0.2, BL-X26_AC8 v1.2.8, and BL-LTE300_DA4 V1.2.3. According to the provided sources, the vulnerability is an unauthorized command injection via the /goform/set...

8.8CVSS7.1AI score0.01205EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/11 12:16 a.m.18 views

CVE-2025-57278

The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800B10ALKSLV01.01.02P42U1406 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants access to any other client using that same IP, without requiring credentials or...

8.8CVSS6.9AI score0.00406EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.4 views

LB-Link BL-CPE300M AX300 4G LTE Router 安全漏洞

LB-Link BL-CPE300M AX300 4G LTE Router is a router from China Bilink LB-Link. A security vulnerability exists in the LB-Link BL-CPE300M AX300 4G LTE Router that stems from improper session handling, which could lead to authentication bypass...

8.8CVSS6.8AI score0.00406EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/09/09 12:0 a.m.9 views

CVE-2025-57278

The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800B10ALKSLV01.01.02P42U1406 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants access to any other client using that same IP, without requiring credentials or...

0.00406EPSS
Exploits1References2
CVE
CVE
added 2025/09/09 12:0 a.m.18 views

CVE-2025-57278

LB-Link LB-CPE300M AX300 4G router (firmware BL-R8800_B10_ALK_SL_V01.01.02P42U14_06) has improper session handling, enabling authentication bypass by reusing a previously authenticated IP address. There are no session tokens, cookies, or unique identifiers, allowing full admin access when an atta...

8.8CVSS6.4AI score0.00406EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/31 12:4 a.m.4 views

CVE-2025-9580

A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/setblacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been...

8.8CVSS7AI score0.06729EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/31 12:4 a.m.5 views

CVE-2025-9579

A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/sethidessidcfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been ma...

8.8CVSS7AI score0.0692EPSS
Exploits1References1
OSV
OSV
added 2025/08/28 7:15 p.m.5 views

CVE-2025-9579

A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/sethidessidcfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been ma...

8.8CVSS5.7AI score0.0692EPSS
Exploits1References5
OSV
OSV
added 2025/08/28 7:15 p.m.6 views

CVE-2025-9580

A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/setblacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been...

8.8CVSS5.6AI score0.06729EPSS
Exploits1References5
NVD
NVD
added 2025/08/28 7:15 p.m.6 views

CVE-2025-9580

A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/setblacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been...

8.8CVSS0.06729EPSS
Exploits1References5
NVD
NVD
added 2025/08/28 7:15 p.m.4 views

CVE-2025-9579

A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/sethidessidcfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been ma...

8.8CVSS0.0692EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/08/28 7:2 p.m.11 views

CVE-2025-9580 LB-LINK BL-X26 HTTP set_blacklist os command injection

A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/setblacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been...

6.5CVSS0.06729EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/08/28 7:2 p.m.3 views

CVE-2025-9580 LB-LINK BL-X26 HTTP set_blacklist os command injection

A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/setblacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been...

6.5CVSS6.4AI score0.06729EPSS
Exploits1References5
CVE
CVE
added 2025/08/28 7:2 p.m.18 views

CVE-2025-9580

CVE-2025-9580 affects LB-LINK BL-X26 v1.2.8. The vulnerability lies in the HTTP Handler’s /goform/set_blacklist where manipulating the mac argument enables OS command injection. Exploitation is possible remotely and publicly disclosed; at least one advisory notes exploitation and lack of vendor r...

8.8CVSS6.4AI score0.06729EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/28 6:32 p.m.3 views

CVE-2025-9579 LB-LINK BL-X26 HTTP set_hidessid_cfg os command injection

A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/sethidessidcfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been ma...

6.5CVSS6.4AI score0.0692EPSS
Exploits1References5
Rows per page
Query Builder