Lucene search
K

3872 matches found

CVE
CVE
added 2025/08/19 5:32 p.m.30 views

CVE-2025-9149

CVE-2025-9149 affects Wavlink WL-NU516U1 M16U1_V240425. The vulnerability is in the function sub_4032E4 of the file /cgi-bin/wireless.cgi, where manipulation of the argument Guest_ssid enables command injection. The issue is exploitable remotely, and public exploit details (PoC) have been disclos...

9.8CVSS7.7AI score0.05603EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/19 2:17 a.m.9 views

CVE-2025-9090

A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

9.8CVSS6.7AI score0.14105EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.13 views

PT-2025-33820 · Wavlink · Wavlink Wl-Nu516U1

Name of the Vulnerable Software and Affected Versions: Wavlink WL-NU516U1 M16U1 V240425 Description: A vulnerability exists due to command injection. The issue is located in the /cgi-bin/wireless.cgi file and impacts the sub 4032E4 function. Manipulation of the Guest ssid argument can lead to...

6.5CVSS7.8AI score0.05603EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-8517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system...

9.8CVSS7.6AI score0.94618EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-11652

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header,...

10CVSS8.5AI score0.24727EPSS
Exploits5References2
GithubExploit
GithubExploit
added 2025/08/17 7:22 p.m.226 views

Exploit for Command Injection in Tenda Ac20_Firmware

CVE-2025-9090 Author: Byte Reaper Description This exp...

9.8CVSS6.6AI score0.14105EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/08/17 10:25 a.m.14 views

CVE-2025-9026

A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgimain of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...

9.8CVSS7.8AI score0.03916EPSS
Exploits1References1
NVD
NVD
added 2025/08/17 3:15 a.m.6 views

CVE-2025-9090

A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

9.8CVSS0.14105EPSS
Exploits3References6
CVE
CVE
added 2025/08/17 2:2 a.m.34 views

CVE-2025-9090

CVE-2025-9090 affects Tenda AC20 router (firmware 16.03.08.12). The flaw is in the Telnet Service: the websFormDefine function in /goform/telnet allows remote command injection. Public exploitation exists (exploit code and PoC references in multiple sources), enabling arbitrary command execution ...

9.8CVSS6.9AI score0.14105EPSS
Exploits3References6Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/17 12:0 a.m.9 views

PT-2025-33607 · Tenda · Tenda Ac20

Name of the Vulnerable Software and Affected Versions: Tenda AC20 version 16.03.08.12 Description: A vulnerability was identified in the Telnet Service component of Tenda AC20. The websFormDefine function within the /goform/telnet file is affected, leading to command injection. The attack can be...

9.8CVSS6.5AI score0.14105EPSS
Exploits3References12
RedhatCVE
RedhatCVE
added 2025/08/16 10:10 a.m.32 views

CVE-2025-8956

A vulnerability was found in D-Link DIR‑818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...

8.8CVSS7.8AI score0.18145EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/16 5:29 a.m.16 views

CVE-2025-8937

A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

6.5CVSS7.9AI score0.02425EPSS
Exploits0References1
NVD
NVD
added 2025/08/15 10:15 a.m.8 views

CVE-2025-9026

A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgimain of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...

9.8CVSS0.03916EPSS
Exploits1References5
OSV
OSV
added 2025/08/15 10:15 a.m.8 views

CVE-2025-9026

A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgimain of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...

9.8CVSS5.5AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/08/15 9:32 a.m.3 views

CVE-2025-9026 D-Link DIR-860L Simple Service Discovery Protocol cgibin ssdpcgi_main os command injection

A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgimain of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...

7.5CVSS7.8AI score0.03916EPSS
Exploits1References5
CVE
CVE
added 2025/08/15 9:32 a.m.20 views

CVE-2025-9026

CVE-2025-9026 affects D-Link DIR-860L (firmware 2.04.B04). The vulnerability is in the Simple Service Discovery Protocol component, specifically the ssdpcgi_main function in htdocs/cgibin, enabling remote OS command injection. Publicly disclosed exploit indicates active risk, with impact on confi...

9.8CVSS7.7AI score0.03916EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2025/08/14 10:15 a.m.4 views

CVE-2025-8956

A vulnerability was found in D-Link DIR‑818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...

8.8CVSS5.4AI score0.18145EPSS
Exploits1References5
NVD
NVD
added 2025/08/14 10:15 a.m.44 views

CVE-2025-8956

A vulnerability was found in D-Link DIR‑818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...

8.8CVSS0.18145EPSS
Exploits1References5
CVE
CVE
added 2025/08/14 10:2 a.m.24 views

CVE-2025-8956

D-Link DIR-818L firmware up to 1.05B01 is affected by a vulnerability in the getenv function of /htdocs/cgibin (ssdpcgi), enabling remote command injection. The issue allows an attacker to remotely exploit the vulnerability; the public exploit has been disclosed. Remediation: upgrade to a version...

8.8CVSS7.7AI score0.18145EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2025/08/14 5:15 a.m.7 views

CVE-2025-8937

A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

8.8CVSS0.02425EPSS
Exploits0References7
Rows per page
Query Builder