Lucene search

3873 matches found

Positive Technologies
added 2025/09/22 12:0 a.m., 6 views

PT-2025-39076

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823X versions 240126/240802/250416 Description: A flaw exists in D-Link DIR-823X that allows for command injection. This occurs due to manipulation of the port argument within an unknown functionality of the file /usr/sbin/goahead. T...

CVSS 8.8 | AI score 6.2 | EPSS 0.06115
Exploits: 1 | References: 10

Positive Technologies
added 2025/09/22 12:0 a.m., 10 views

PT-2025-38673

Name of the Vulnerable Software and Affected Versions: Wavlink WL-NU516U1 version 240425 Description: A security issue has been identified in the sub 4012A0 function of the /cgi-bin/login.cgi file. Manipulation of the ipaddr argument can lead to operating system command injection. This attack is...

CVSS 5.8 | AI score 4.6 | EPSS 0.20023
Exploits: 1 | References: 8

RedhatCVE
added 2025/09/20 9:13 p.m., 15 views

CVE-2025-10689

A vulnerability was identified in D-Link DIR-645 105B01. This issue affects the function soapcgi_main of the file /soap.cgi. Such manipulation of the argument service leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. This...

CVSS 6.5 | AI score 6.5 | EPSS 0.04558
Exploits: 1 | References: 1

CVE
added 2025/09/18 8:32 p.m., 22 views

CVE-2025-10689

The CVE-2025-10689 entry concerns D-Link DIR-645 firmware (model 105B01). A vulnerability exists in the soapcgi_main function within /soap.cgi where manipulation of the service argument enables remote command injection. The issue can be exploited remotely and publicly available exploit code is no...

CVSS 9.8 | AI score 6.5 | EPSS 0.04558
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2025/09/18 8:32 p.m., 8 views

CVE-2025-10689 D-Link DIR-645 soap.cgi soapcgi_main command injection

A vulnerability was identified in D-Link DIR-645 105B01. This issue affects the function soapcgi_main of the file /soap.cgi. Such manipulation of the argument service leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. This...

CVSS 6.5 | EPSS 0.04558
Exploits: 1 | References: 5

NVD
added 2025/09/18 2:15 a.m., 4 views

CVE-2025-10634

A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub_412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminal_addr/server_ip/server_port causes command injection. The atta...

CVSS 8.8 | EPSS 0.07359
Exploits: 1 | References: 6

NVD
added 2025/09/18 1:15 a.m., 6 views

CVE-2025-10629

A vulnerability was determined in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgi_main of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Executing manipulation of the argument ST can lead to command injection. The attack may be performed from...

CVSS 8.8 | EPSS 0.05363
Exploits: 1 | References: 5

OSV
added 2025/09/18 1:15 a.m., 3 views

CVE-2025-10629

A vulnerability was determined in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgi_main of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Executing manipulation of the argument ST can lead to command injection. The attack may be performed from...

CVSS 8.8 | AI score 5.6 | EPSS 0.05363
Exploits: 1 | References: 5

NVD
added 2025/09/18 1:15 a.m., 6 views

CVE-2025-10628

A vulnerability was found in D-Link DIR-852 1.00CN B09. This vulnerability affects unknown code of the file /htdocs/cgibin/hedwig.cgi of the component Web Management Interface. Performing manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has...

CVSS 8.8 | EPSS 0.08849
Exploits: 1 | References: 5

CVE
added 2025/09/18 1:2 a.m., 21 views

CVE-2025-10634

CVE-2025-10634 affects D-Link DIR-823X routers (versions 240126, 240802, 250416). The issue is in the Environment Variable Handler’s /usr/sbin/goahead component, specifically function sub_412E7C, where manipulating arguments terminal_addr/server_ip/server_port enables remote command injection. Th...

CVSS 8.8 | AI score 6.5 | EPSS 0.07359
Exploits: 1 | References: 6 | Affected Software: 1

Vulnrichment
added 2025/09/18 12:32 a.m., 3 views

CVE-2025-10629 D-Link DIR-852 Simple Service Discovery Protocol Service cgibin ssdpcgi_main command injection

A vulnerability was determined in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgi_main of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Executing manipulation of the argument ST can lead to command injection. The attack may be performed from...

CVSS 6.5 | AI score 6.4 | EPSS 0.05363
Exploits: 1 | References: 5

CVE
added 2025/09/18 12:32 a.m., 21 views

CVE-2025-10629

CVE-2025-10629 affects D-Link DIR-852 (firmware 1.00CN B09) in the Simple Service Discovery Protocol Service, specifically the ssdpcgi_main function in htodcs/cgibin. The vulnerability arises from insufficient input filtering of the ST argument, enabling command injection and potential remote...

CVSS 8.8 | AI score 6.4 | EPSS 0.05363
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2025/09/18 12:32 a.m., 8 views

CVE-2025-10629 D-Link DIR-852 Simple Service Discovery Protocol Service cgibin ssdpcgi_main command injection

A vulnerability was determined in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgi_main of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Executing manipulation of the argument ST can lead to command injection. The attack may be performed from...

CVSS 6.5 | EPSS 0.05363
Exploits: 1 | References: 5

CVE
added 2025/09/18 12:2 a.m., 19 views

CVE-2025-10628

D-Link DIR-852 (1.00CN B09) Web Management Interface component /htdocs/cgibin/hedwig.cgi is affected by a command-injection vulnerability. The issue arises from insufficient input filtering in hedwig.cgi, enabling remote exploitation. Public exploits exist and the affected devices are noted as no...

CVSS 8.8 | AI score 6.5 | EPSS 0.08849
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2025/09/18 12:2 a.m., 8 views

CVE-2025-10628 D-Link DIR-852 Web Management hedwig.cgi command injection

A vulnerability was found in D-Link DIR-852 1.00CN B09. This vulnerability affects unknown code of the file /htdocs/cgibin/hedwig.cgi of the component Web Management Interface. Performing manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has...

CVSS 6.5 | EPSS 0.08849
Exploits: 1 | References: 5

Positive Technologies
added 2025/09/18 12:0 a.m., 15 views

PT-2025-38294

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823X versions 240126, 240802, and 250416 Description: A weakness exists in the Environment Variable Handler component of the D-Link DIR-823X router. Manipulation of the terminal_addr, server_ip, or server_port argument within the sub...

CVSS 6.5 | AI score 6.4 | EPSS 0.07359
Exploits: 1 | References: 11

NVD
added 2025/09/17 9:15 p.m., 4 views

CVE-2025-10619

A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. This affects the function redirectToAuthorization of the file src/helpers/node-oauth-client-provider.ts of the component OAuth Server Discovery. Performing manipulation results in os command injection. Remote exploitation of the...

CVSS 6.5 | EPSS 0.01628
Exploits: 0 | References: 6

OSV
added 2025/09/17 9:15 p.m., 4 views

CVE-2025-10619

A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. This affects the function redirectToAuthorization of the file src/helpers/node-oauth-client-provider.ts of the component OAuth Server Discovery. Performing manipulation results in os command injection. Remote exploitation of the...

CVSS 5.3 | AI score 6.8
Exploits: 0 | References: 6

Cvelist
added 2025/09/17 9:2 p.m., 11 views

CVE-2025-10619 sequa-ai sequa-mcp OAuth Server Discovery node-oauth-client-provider.ts redirectToAuthorization os command injection

A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. This affects the function redirectToAuthorization of the file src/helpers/node-oauth-client-provider.ts of the component OAuth Server Discovery. Performing manipulation results in os command injection. Remote exploitation of the...

CVSS 6.5 | EPSS 0.01628
Exploits: 0 | References: 5

RedhatCVE
added 2025/09/17 11:36 a.m., 4 views

CVE-2025-10442

A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed...

CVSS 8.8 | AI score 7.1 | EPSS 0.08317
Exploits: 1 | References: 1