Lucene search
K

548 matches found

OSV
OSV
added 2026/03/19 10:46 p.m.5 views

CVE-2026-32721 LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...

8.6CVSS5.9AI score0.00239EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/19 10:46 p.m.22 views

CVE-2026-32721 LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...

8.6CVSS0.00239EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:46 p.m.3 views

CVE-2026-32721

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...

8.6CVSS5.8AI score0.00239EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/19 10:46 p.m.2 views

CVE-2026-32721 LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...

8.6CVSS5.8AI score0.00239EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/19 10:46 p.m.8 views

EUVD-2026-13382

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...

8.6CVSS5.8AI score0.00239EPSS
Exploits0References3
CVE
CVE
added 2026/03/19 10:46 p.m.32 views

CVE-2026-32721

LuCI (OpenWrt configuration interface) is affected by a stored XSS in the wireless scan modal within luci-mod-network. The vulnerability arises because SSIDs from scan results are rendered as raw HTML via innerHTML in wireless.js when passed to dom.append(), allowing a malicious SSID to execute a...

8.6CVSS5.8AI score0.00239EPSS
Exploits0References3Affected Software2
Vulnrichment
Vulnrichment
added 2026/03/19 10:36 p.m.9 views

CVE-2026-30874 OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Leads to Privilege Escalation

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

1.8CVSS5.8AI score0.00296EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/19 10:36 p.m.20 views

CVE-2026-30874 OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Leads to Privilege Escalation

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

1.8CVSS0.00296EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/19 10:36 p.m.4 views

EUVD-2026-13378

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

1.8CVSS5.8AI score0.00296EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:36 p.m.1 views

CVE-2026-30874

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

1.8CVSS5.8AI score0.00296EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/19 10:36 p.m.5 views

CVE-2026-30874 OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Leads to Privilege Escalation

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

1.8CVSS6AI score0.00296EPSS
Exploits0References4
CVE
CVE
added 2026/03/19 10:36 p.m.24 views

CVE-2026-30874

OpenWrt procd PATH environment variable filter bypass (CVE-2026-30874). In OpenWrt versions prior to 24.10.6, hotplug_call does not exclude PATH due to a strcmp vs strncmp bug, allowing a local attacker to influence which binaries are executed by procd-invoked scripts with elevated privileges, po...

7.8CVSS5.8AI score0.00296EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/03/19 10:16 p.m.12 views

CVE-2026-30872

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the matchipv6addresses function, triggered when processing PTR queries for IPv6 reverse DNS domains .ip6.arpa receiv...

9.8CVSS0.02221EPSS
Exploits0References3
NVD
NVD
added 2026/03/19 10:16 p.m.11 views

CVE-2026-30871

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parsequestion function. The issue is triggered by PTR queries for reverse DNS domains .in-addr.arpa and .ip6.arp...

9.8CVSS0.01211EPSS
Exploits0References3
NVD
NVD
added 2026/03/19 10:16 p.m.10 views

CVE-2026-30873

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jpgettoken function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

4.9CVSS0.00515EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/19 10:1 p.m.25 views

CVE-2026-30873 OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jpgettoken function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

2.4CVSS0.00515EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:1 p.m.1 views

CVE-2026-30873

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jpgettoken function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

2.4CVSS5.7AI score0.00515EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/19 10:1 p.m.6 views

CVE-2026-30873 OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jpgettoken function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

2.4CVSS5.7AI score0.00515EPSS
Exploits0References3
CVE
CVE
added 2026/03/19 10:1 p.m.10 views

CVE-2026-30873

CVE-2026-30873 affects OpenWrt Project’s jsonpath component, specifically the jp_get_token function used during lexical analysis. In OpenWrt releases prior to 24.10.6 and 25.12.1, memory allocated for strings, field labels, and regular expressions is copied to a new jp_opcode object without freei...

4.9CVSS5.7AI score0.00515EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/19 10:1 p.m.13 views

CVE-2026-30873 OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jpgettoken function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

2.4CVSS5.8AI score0.00515EPSS
Exploits0References5
Rows per page
Query Builder