Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

386 matches found

RedhatCVE
RedhatCVEadded 2026/06/08 2:58 a.m.9 views

CVE-2026-11449

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS6.2AI score0.01102EPSS
Exploits0References1
NVD
NVDadded 2026/06/07 3:16 a.m.10 views

CVE-2026-11449

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS0.01102EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/06/07 2:15 a.m.6 views

CVE-2026-11449 GL.iNet GL-MT3000 LuCI JSON-RPC rpc rpc_sys command injection

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS6.2AI score0.01102EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/06/07 2:15 a.m.39 views

CVE-2026-11449 GL.iNet GL-MT3000 LuCI JSON-RPC rpc rpc_sys command injection

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS0.01102EPSS
Exploits0References6
CVE
CVEadded 2026/06/07 2:15 a.m.28 views

CVE-2026-11449

GL.iNet GL-MT3000 (v4.4.5) is affected by a remote command injection in LuCI JSON-RPC Interface, via the rpc_sys function in /cgi-bin/luci/rpc. Root cause is not explicitly stated beyond the vulnerability description; CVSS metrics in the connected sources indicate MEDIUM severity (CVSSv3.1 base 6...

6.5CVSS6.2AI score0.01102EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2026/06/07 2:15 a.m.4 views

CVE-2026-11449

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS5.2AI score0.01102EPSS
Exploits0References7Affected Software1
CNNVD
CNNVDadded 2026/06/07 12:0 a.m.7 views

GL.iNet GL-MT3000 命令注入漏洞

GL.iNet GL-MT3000 is a portable travel router from the company GL.iNet, which supports Wi-Fi 6 and VPN functions. Version 4.4.5 of GL.iNet GL-MT3000 has a command injection vulnerability. This vulnerability stems from a problem with the function “rpcsys” in the LuCI JSON-RPC Interface component...

6.5CVSS6.4AI score0.01102EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 2026/06/07 12:0 a.m.17 views

PT-2026-47170

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpc sys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS6.2AI score0.01102EPSS
Exploits0References7
NVD
NVDadded 2026/05/26 3:16 p.m.12 views

CVE-2026-46368

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS0.02671EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/26 2:8 p.m.10 views

EUVD-2026-31836

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS6.1AI score0.02671EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/26 2:8 p.m.9 views

CVE-2026-46368 luci-app-https-dns-proxy Authenticated Command Injection via setInitAction

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS6.1AI score0.02671EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/26 2:8 p.m.37 views

CVE-2026-46368 luci-app-https-dns-proxy Authenticated Command Injection via setInitAction

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS0.02671EPSS
Exploits0References3
CVE
CVEadded 2026/05/26 2:8 p.m.32 views

CVE-2026-46368

CVE-2026-46368 affects the OpenWrt luci-app-https-dns-proxy package (not Core OpenWrt). The vulnerability is a command injection in setInitAction via a ubus RPC call; an authenticated user with the luci.https-dns-proxy ACL can inject shell metacharacters through the 'name' parameter, enabling arb...

8.8CVSS6.1AI score0.02671EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/05/26 2:8 p.m.8 views

CVE-2026-46368

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS6.1AI score0.02671EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/26 12:0 a.m.14 views

PT-2026-43259

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS6.1AI score0.02671EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/03/27 2:23 p.m.8 views

CVE-2021-27821

The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution...

6.1CVSS7AI score0.00787EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 3:15 p.m.5 views

CVE-2026-4537

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

5.8CVSS5AI score0.10296EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/22 6:30 a.m.2 views

EUVD-2026-14277

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

5.8CVSS5.6AI score0.10296EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/03/22 4:2 a.m.1 views

CVE-2026-4537 Cudy TR1200 ipsec.lua action_ipsec_conn command injection

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

5.8CVSS5AI score0.10296EPSS
Exploits0References4
NVD
NVDadded 2026/03/19 11:16 p.m.4 views

CVE-2026-32721

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...

8.6CVSS0.00239EPSS
Exploits0References3
Rows per page
Query Builder