Lucene search
+L

45 matches found

EUVD
EUVD
added 5 days ago4 views

EUVD-2026-43548

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...

8.7CVSS6.1AI score0.00371EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-57906

Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.4.42 Description An unauthenticated information disclosure issue exists where remote attackers can retrieve plaintext API keys for all connected AI provider accounts. This occurs due to missing authentication...

9.3CVSS6.2AI score0.00371EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/07 6:19 p.m.5 views

EUVD-2026-42073

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...

9.8CVSS6.3AI score0.01372EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.13 views

Edimax BR-6228NC 注入漏洞

The Edimax BR-6228NC is a wireless broadband router produced by Edimax Corporation. Version 1.22 of the Edimax BR-6228NC has a vulnerability known as “injection flaw.” This flaw arises from the function mp in the POST Request Handler component, which processes the command parameter. The improper...

6.5CVSS6.7AI score0.01182EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/08 8:57 p.m.7 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to the improper origin checks of UI route submissions in server-side route action handlers in Framework Mode. An attacker can execute unauthorized actions by tricking a user into submitting a crafted...

6.9CVSS6.8AI score0.00128EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/26 6:30 a.m.3 views

Exposure of Sensitive Information Due to Incompatible Policies

Overview Affected versions of this package are vulnerable to Exposure of Sensitive Information Due to Incompatible Policies due to insufficient access validation to private user projects. An attacker can gain unauthorized access to sensitive project information by directly accessing private proje...

8.6CVSS6.6AI score0.00328EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/23 12:0 a.m.5 views

Linksys E5600 安全漏洞

Linksys E5600 is a powerful, compact and reliable WiFi 5 router from Linksys, Inc. A security vulnerability exists in Linksys E5600 version V1.1.0.26, which stems from a command injection in the ddnsStatus function...

9.8CVSS7.4AI score0.01134EPSS
Exploits0References2
Huntr
Huntr
added 2025/10/03 6:25 p.m.12 views

text-generation-inference: Unbounded external image fetch in validation leads to resource-exhaustion DoS

Description Text Generation Inference Router DoS via pre-validation image fetch in VLM mode. Affected: Router workspace version 3.3.6 the latest repo, when deployed with a vision/VLM model e.g., Idefics/Mllama/Idefics2/Idefics3/Gemma3/Llama4/Paligemma/LlavaNext/Qwen2VL/Qwen25VL. Pure text LLMs do...

7.5CVSS7.2AI score0.22494EPSS
Exploits0
CNNVD
CNNVD
added 2025/07/20 12:0 a.m.17 views

Mercusys MW301R 安全漏洞

Mercusys MW301R is a router from Mercusys, China. A security vulnerability exists in Mercusys MW301R version 1.0.2 Build 190726 Rel.59423n, which stems from an improperly restricted authentication attempt in the Login component...

3.1CVSS4.5AI score0.00291EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 8:55 a.m.6 views

CVE-2024-29671

Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component...

9.8CVSS8AI score0.2091EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/17 12:0 a.m.3 views

TOTOLINK A720R、TOTOLINK A3002R和TOTOLINK A3002RU 安全漏洞

TOTOLINK A3002RU and others are products of China Gion Electronics TOTOLINK.TOTOLINK A3002RU is a wireless router product.TOTOLINK A720R is a wireless router.TOTOLINK A3002R is a wireless router.TOTOLINK A3002R is a wireless router. A security vulnerability exists in the TOTOLINK A720R, TOTOLINK...

9CVSS9AI score0.00695EPSS
Exploits0References7
OSV
OSV
added 2025/05/05 5:18 p.m.13 views

CVE-2024-57232

NETGEAR RAX5 AX1600 WiFi Router V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcliwpsgenpincode function...

9.8CVSS5.8AI score0.01198EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/04/24 12:0 a.m.6 views

PT-2025-17867

Name of the Vulnerable Software and Affected Versions React Router versions 7.2.0 through 7.5.2 Description The issue allows an attacker to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an erro...

7.5CVSS7.5AI score0.25329EPSS
Exploits0References42
Positive Technologies
Positive Technologies
added 2024/11/21 12:0 a.m.5 views

PT-2024-19054 · Unknown · Mc Lr Router

Name of the Vulnerable Software and Affected Versions: MC LR Router version 2.10.5 Description: An OS command injection vulnerability exists in the web interface configuration upload functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an...

7.2CVSS9.9AI score0.10514EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/11/21 12:0 a.m.10 views

PT-2024-22221 · Unknown · Mc Lr Router

Name of the Vulnerable Software and Affected Versions: MC LR Router version 2.10.5 Description: The issue is related to OS command injection vulnerabilities in the web interface I/O configuration functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker...

7.2CVSS9.8AI score0.05838EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/11/21 12:0 a.m.7 views

PT-2024-22222 · Unknown · Mc Lr Router

Name of the Vulnerable Software and Affected Versions: MC LR Router version 2.10.5 Description: The issue concerns OS command injection vulnerabilities in the web interface I/O configuration functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can...

7.2CVSS7.8AI score0.07504EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/11/21 12:0 a.m.7 views

MC Technologies MC LR Router 操作系统命令注入漏洞

MC Technologies MC LR Router is a router from MC Technologies, Germany. An operating system command injection vulnerability exists in MC Technologies MC LR Router version 2.10.5, which stems from an OS command injection in the I/O configuration function of the web interface, which could lead to...

7.2CVSS9.6AI score0.05838EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/08/16 12:0 a.m.4 views

PT-2024-30095 · Wishnet · Wishnet Nepstech Wifi Router Ntpl-Xpon1Gfevn

Name of the Vulnerable Software and Affected Versions: wishnet Nepstech Wifi Router NTPL-XPON1GFEVN version 1.0 Description: An issue in the wishnet Nepstech Wifi Router allows a remote attacker to obtain sensitive information via the cookie's parameter. Recommendations: For wishnet Nepstech Wifi...

9.8CVSS6.8AI score0.01376EPSS
Exploits0References11
GithubExploit
GithubExploit
added 2024/08/09 7:32 p.m.70 views

Exploit for Incorrect Authorization in Nexxtsolutions Nebula1200-Ac_Firmware

EN This project provides a proof-of-concept exploit for a remo...

9.8CVSS9.1AI score0.02556EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2024/05/10 12:0 a.m.8 views

PT-2024-19490 · Digisol · Digisol Router

Name of the Vulnerable Software and Affected Versions: Digisol Router DG-GR1321 version v3.2.02 Description: This issue is caused by the improper implementation of password policies. An attacker with physical access could exploit this by creating passwords that do not adhere to the defined securi...

9.1CVSS6.7AI score0.01026EPSS
Exploits0References3
Rows per page
Query Builder