CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/26 2:8 p.m.•9 views

EUVD-2026-31836

CVE•added 2026/05/26 2:8 p.m.•15 views

CVE-2026-46368

CVE-2026-46368 affects the OpenWrt luci-app-https-dns-proxy package (not Core OpenWrt). The vulnerability is a command injection in setInitAction via a ubus RPC call; an authenticated user with the luci.https-dns-proxy ACL can inject shell metacharacters through the 'name' parameter, enabling arb...

ATTACKERKB•added 2026/05/26 2:8 p.m.•6 views

CVE-2026-46368

Vulnrichment•added 2026/05/26 2:8 p.m.•7 views

CVE-2026-46368 luci-app-https-dns-proxy Authenticated Command Injection via setInitAction

Cvelist•added 2026/05/26 2:8 p.m.•33 views

CVE-2026-46368 luci-app-https-dns-proxy Authenticated Command Injection via setInitAction

8.8CVSS0.0008EPSS

Positive Technologies•added 2026/05/26 12:0 a.m.•8 views

PT-2026-43259

RedhatCVE•added 2026/01/09 9:33 a.m.•3 views

Exploits0References4

CVE-2024-39208

luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials...

9.8CVSS7.4AI score0.00112EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 9:27 a.m.•3 views

CVE-2024-39209

luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter...

6.3CVSS8AI score0.00252EPSS

Exploits0References1

NVD•added 2024/06/27 9:15 p.m.•13 views

CVE-2024-39209

luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter...

6.3CVSS0.00252EPSS

NVD•added 2024/06/27 8:15 p.m.•10 views

CVE-2024-39208

luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials...

9.8CVSS0.00112EPSS

CVE•added 2024/06/27 12:0 a.m.•41 views

CVE-2024-39208

CVE-2024-39208 affects luci-app-lucky v2.8.3 and stems from hardcoded credentials in the software. Public sources (NVD, Red Hat, CNNVD, CVE listing) assign a high impact with CVSS v3.1 base score 9.8 (Network attack, no user interaction, privileges NONE, scope UNCHANGED; Confidentiality/Integrity...

9.8CVSS7.4AI score0.00112EPSS

Positive Technologies•added 2024/06/27 12:0 a.m.•3 views

PT-2024-28388 · Unknown · Luci-App-Lucky

Name of the Vulnerable Software and Affected Versions: luci-app-lucky version 2.8.3 Description: The issue is related to hardcoded credentials in the software. Recommendations: For luci-app-lucky version 2.8.3, update to a version where the hardcoded credentials issue is resolved, if available. A...

9.8CVSS6.9AI score0.00112EPSS

Vulnrichment•added 2024/06/27 12:0 a.m.•12 views

CVE-2024-39209

luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter...

8AI score0.00252EPSS

Cvelist•added 2024/06/27 12:0 a.m.•19 views

CVE-2024-39209

luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter...

0.00252EPSS

Vulnrichment•added 2024/06/27 12:0 a.m.•13 views

CVE-2024-39208

luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials...

7.3AI score0.00112EPSS

CNNVD•added 2024/06/27 12:0 a.m.•1 views

luci-app-lucky security vulnerability

luci-app-lucky is a LuCI application designed for OpenWrt firmware by the individual developer gdy666. A security vulnerability exists in luci-app-lucky version v2.8.3, which stems from the use of hard-coded credentials...

9.8CVSS6.9AI score0.00112EPSS

CVE•added 2024/06/27 12:0 a.m.•41 views

CVE-2024-39209

The CVE-2024-39209 entry concerns luci-app-sms-tool v1.9-6, which has a command injection vulnerability exploitable via the score parameter. The issue is documented across multiple feeds (NVD, Red Hat, CVE lists). Affected component: luci-app-sms-tool, version 1.9-6. Root cause: command injection...

6.3CVSS7.7AI score0.00252EPSS

Cvelist•added 2024/06/27 12:0 a.m.•16 views

CVE-2024-39208

luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials...

0.00112EPSS