Lucene search

12 matches found

ATTACKERKB
added 2026/03/31 8:48 a.m. | 4 views

CVE-2025-41355

Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...

CVSS: 5.1 | AI score: 6 | EPSS: 0.00194
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/03/31 12:0 a.m. | 5 views

PT-2026-29209

Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...

CVSS: 5.1 | AI score: 6 | EPSS: 0.00194
Exploits: 0 | References: 2

CVE
added 2025/12/30 8:32 a.m. | 16 views

CVE-2025-15234

Affects: Tenda M3 router (version 1.0.0.13(4903)). Vulnerable component: /goform/setInternetLanInfo, specifically the function formSetRemoteInternetLanInfo manipulating arguments portIp/portMask/portGateWay/portDns/portSecDns, causing a heap-based buffer overflow. Impact: potential remote code ex...

CVSS: 9 | AI score: 8.6 | EPSS: 0.02475
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2025/12/30 8:32 a.m. | 23 views

CVE-2025-15234 Tenda M3 setInternetLanInfo formSetRemoteInternetLanInfo heap-based overflow

A weakness has been identified in Tenda M3 1.0.0.134903. Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the...

CVSS: 9 | EPSS: 0.02475
Exploits: 1 | References: 5

Vulnrichment
added 2025/12/30 8:32 a.m. | 4 views

CVE-2025-15234 Tenda M3 setInternetLanInfo formSetRemoteInternetLanInfo heap-based overflow

A weakness has been identified in Tenda M3 1.0.0.134903. Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the...

CVSS: 9 | AI score: 8.5 | EPSS: 0.02475
Exploits: 1 | References: 5

EUVD
added 2025/12/30 8:32 a.m. | 4 views

EUVD-2025-205698

A weakness has been identified in Tenda M3 1.0.0.134903. Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the...

CVSS: 9 | AI score: 6.8 | EPSS: 0.02475
Exploits: 1 | References: 6

OSV
added 2025/12/09 9:15 p.m. | 6 views

CVE-2021-47728

Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local...

CVSS: 9.8 | AI score: 6 | EPSS: 0.02314
Exploits: 1 | References: 5

OSV
added 2025/04/15 1:15 p.m. | 3 views

CVE-2025-32102

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI...

CVSS: 5 | AI score: 5.8 | EPSS: 0.05736
Exploits: 2 | References: 4

OSV
added 2025/02/18 10:15 p.m. | 4 views

CVE-2025-25893

An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocol parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet...

CVSS: 8 | AI score: 6.1 | EPSS: 0.01001
Exploits: 0 | References: 1

OSV
added 2024/11/05 3:15 p.m. | 2 views

CVE-2024-50998

Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component openvpn.cgi via the openvpnserviceport and openvpnserviceporttun parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request...

CVSS: 5.7 | AI score: 5.8 | EPSS: 0.00292
Exploits: 0 | References: 2

CNNVD
added 2021/04/29 12:0 a.m. | 6 views

Mercusys Mercury X18G Cross-Site Scripting Vulnerability

The Mercusys Mercury X18G is a router from the Chinese company Mercusys. A cross-site scripting vulnerability exists in MERCUSYS Mercury X18G 1.0.5 devices, which originates via manual values for the src dport start, src dport end, and dest port parameters...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.01111
Exploits: 1 | References: 4

VulnCheck KEV
added 2018/07/24 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2025-34051

A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgiquery endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP...

CVSS: 6.9 | AI score: 5.9 | EPSS: 0.0051
Exploits: 0 | References: 1