CVE-2025-15519

The CVE-2025-15519 affects TP-Link Archer NX200/NX210/NX500/NX600 devices, where an improper input handling in the modem-management CLI allows authenticated administrators to inject commands that are executed by the OS. This can impact confidentiality, integrity, and availability as described. No...

CVE-2025-15518 Command Injection in Wireless Control CLI on TP-Link Archer NX200, NX210, NX500 and NX600

Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the...

CVE-2025-15518

Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the...

CVE-2025-15517 Authorization Bypass in HTTP Server Endpoints on TP-Link Archer NX200, NX210, NX500 and NX600

A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and...

CVE-2025-15517 Authorization Bypass in HTTP Server Endpoints on TP-Link Archer NX200, NX210, NX500 and NX600

A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and...

CVE-2025-15517

A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and...

CVE-2025-15517

The CVE-2025-15517 entry describes an authentication-bypass in the HTTP server of TP-Link Archer NX200, NX210, NX500, and NX600. A missing auth check on certain CGI endpoints allows unauthenticated users to perform privileged HTTP actions, including firmware uploads and configuration changes. The...

CVE-2026-4590

creationtimestamp| type| source ---|---|--- 2026-03-23 16:42:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhqivwnuqq2i...

CVE-2026-4589

creationtimestamp| type| source ---|---|--- 2026-03-23 16:37:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhqimy7lgs2g...

CVE-2026-26829

creationtimestamp| type| source ---|---|--- 2026-03-23 16:16:48+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-26829...

CVE-2026-27459

creationtimestamp| type| source ---|---|--- 2026-03-23 16:05:34+00:00| seen| https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mhqgu2fwbtq2...

CVE-2019-25521

creationtimestamp| type| source ---|---|--- 2026-03-23 15:20:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mhqecyw4xx2e...

CVE-2026-31848

creationtimestamp| type| source ---|---|--- 2026-03-23 14:44:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhqccu4f5n2n...

CVE-2025-62843

creationtimestamp| type| source ---|---|--- 2026-03-23 14:40:07+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mhqc3gk4px2k...

WordPress WP Telegram Widget and Join Link plugin <= 2.2.13 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by johska in WordPress Plugin WP Telegram Widget and Join Link versions = 2.2.13...

CVE-2026-4582

creationtimestamp| type| source ---|---|--- 2026-03-23 12:46:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhq3qgow5w2y...

WordPress WowOptin: Next-Gen Popup Maker plugin <= 1.4.29 - Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API vulnerability

Unauthenticated Server-Side Request Forgery via 'link' Parameter in REST API vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin WowOptin versions = 1.4.29...

CVE-2026-4577

creationtimestamp| type| source ---|---|--- 2026-03-23 08:31:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhpnhxsubt2e...

CVE-2026-4600

creationtimestamp| type| source ---|---|--- 2026-03-23 06:54:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhpi3iqjyc2e 2026-03-24 06:00:15+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mhrvirfmhx2p...

TP-LINK TD-W8961N 安全漏洞

TP-LINK TD-W8961N is a wireless router produced by TP-LINK Corporation. The TP-Link TD-W8961N v4.0 version has a security vulnerability. This vulnerability stems from improper input cleaning in the httpd component, which may cause a processing error triggered by specially crafted requests, leadin...