Lucene search
K

3872 matches found

Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.6 views

PT-2025-34797 · Ipfire · Ipfire

Name of the Vulnerable Software and Affected Versions: IPFire version 2.29 Description: The Calamaris log exporter CGI script /cgi-bin/logs.cgi/calamaris.dat does not properly sanitize user-supplied input before using it in shell commands. This allows a remote, unauthenticated attacker to inject...

6.5CVSS7.2AI score0.00371EPSS
Exploits1References5
NVD
NVD
added 2025/08/25 11:15 p.m.4 views

CVE-2025-9424

A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itboxpi/branchimport.php?a=branchlist. Such manipulation of the argument province leads to os command injection. The attack can be executed remotely. The exploit i...

9.8CVSS0.1826EPSS
Exploits1References4
OSV
OSV
added 2025/08/25 11:15 p.m.7 views

CVE-2025-9424

A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itboxpi/branchimport.php?a=branchlist. Such manipulation of the argument province leads to os command injection. The attack can be executed remotely. The exploit i...

9.8CVSS5.7AI score0.1826EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/08/25 10:32 p.m.3 views

CVE-2025-9424 Ruijie WS7204-A branch_import.php os command injection

A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itboxpi/branchimport.php?a=branchlist. Such manipulation of the argument province leads to os command injection. The attack can be executed remotely. The exploit i...

5.8CVSS7.6AI score0.1826EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/08/24 12:2 p.m.11 views

CVE-2025-9387 DCN DCME-720 Web Management Backend ip_block.php os command injection

A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ipblock.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate...

6.5CVSS0.09314EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/08/22 11:23 p.m.9 views

CVE-2025-9262

A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity...

8.1CVSS7.5AI score0.05236EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/22 8:26 p.m.13 views

CVE-2025-9244

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation of the argument...

8.8CVSS7.7AI score0.08137EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/21 6:20 p.m.13 views

CVE-2025-9149

A vulnerability was determined in Wavlink WL-NU516U1 M16U1V240425. This impacts the function sub4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guestssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

6.5CVSS7.8AI score0.05603EPSS
Exploits1References1
NVD
NVD
added 2025/08/21 1:15 a.m.4 views

CVE-2025-24285

Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite. Affected Products: UniFi Connect EV Station Lite Version 1.5.1 and earlier Mitigation: Update UniFi...

9.8CVSS0.01181EPSS
Exploits0References1
NVD
NVD
added 2025/08/20 11:15 p.m.15 views

CVE-2025-9262

A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity...

8.1CVSS0.05236EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/08/20 11:2 p.m.20 views

CVE-2025-9262 wong2 mcp-cli oAuth provider.js redirectToAuthorization os command injection

A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity...

6.3CVSS0.05236EPSS
Exploits1References5
OSV
OSV
added 2025/08/20 8:15 p.m.7 views

CVE-2025-9244

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation of the argument...

8.8CVSS5.6AI score0.08137EPSS
Exploits1References5
NVD
NVD
added 2025/08/20 8:15 p.m.24 views

CVE-2025-9244

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation of the argument...

8.8CVSS0.08137EPSS
Exploits1References5
CVE
CVE
added 2025/08/20 7:32 p.m.21 views

CVE-2025-9244

The CVE-2025-9244 entry describes a remote OS command injection in Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 devices. Affected component: the addStaticRoute function in /goform/addStaticRoute. Exploitable by manipulating arguments staticRoute_IP_setting, staticRoute_Netmask_setting, stati...

8.8CVSS6.8AI score0.08137EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.11 views

PT-2025-34152 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250 versions 1.0.013.001 through 1.2.07.001 Linksys RE6300 versions 1.0.013.001 through 1.2.07.001 Linksys RE6350 versions 1.0.013.001 through 1.2.07.001 Linksys RE6500 versions 1.0.013.001 through 1.2.07.001 Linksys RE7000 version...

6.5CVSS6.6AI score0.08137EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2017-5078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote...

8.8CVSS8AI score0.02775EPSS
Exploits0References2
NVD
NVD
added 2025/08/19 6:15 p.m.21 views

CVE-2025-9149

A vulnerability was determined in Wavlink WL-NU516U1 M16U1V240425. This impacts the function sub4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guestssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

9.8CVSS0.05603EPSS
Exploits1References5
OSV
OSV
added 2025/08/19 6:15 p.m.2 views

CVE-2025-9149

A vulnerability was determined in Wavlink WL-NU516U1 M16U1V240425. This impacts the function sub4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guestssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

9.8CVSS5.6AI score
Exploits0References5
Cvelist
Cvelist
added 2025/08/19 5:32 p.m.26 views

CVE-2025-9149 Wavlink WL-NU516U1 wireless.cgi sub_4032E4 command injection

A vulnerability was determined in Wavlink WL-NU516U1 M16U1V240425. This impacts the function sub4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guestssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

6.5CVSS0.05603EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/08/19 5:32 p.m.4 views

CVE-2025-9149 Wavlink WL-NU516U1 wireless.cgi sub_4032E4 command injection

A vulnerability was determined in Wavlink WL-NU516U1 M16U1V240425. This impacts the function sub4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guestssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

6.5CVSS7.7AI score0.05603EPSS
Exploits1References5
Rows per page
Query Builder