Lucene search
K

8210 matches found

Nuclei
Nuclei
added yesterday59 views

WAVLINK WN579X3 - Remote Command Execution

Remote Command Execution vulnerability in WAVLINK WN579X3 routers via pingIp parameter in /cgi-bin/adm.cgi. id: CVE-2023-3380 info: name: WAVLINK WN579X3 - Remote Command Execution author: pussycat0x severity: critical description: | Remote Command Execution vulnerability in WAVLINK WN579X3 route...

9.8CVSS6.4AI score0.0388EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday17 views

TOTOLINK/Realtek Routers - CAPTCHA Bypass

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via a POST request to the boafrm/formLogin URI with the JSON payload "topicurl":"setting/getSanvas". This allows an unauthenticated attacker to bypass CAPTCHA verification, gaining unauthorized access to restricted...

9.8CVSS7AI score0.29557EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday83 views

Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure

Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and...

7.5CVSS6.8AI score0.99876EPSS
Exploits19References5
Nuclei
Nuclei
added yesterday69 views

NETGEAR - Authentication Bypass

NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers are vulnerable to authentication bypass vulnerabilities which could allow network-adjacent attackers to bypass authentication on affected installations. id:...

8.8CVSS7AI score0.08656EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago77 views

D-Link Routers - Remote Command Injection

D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for...

9CVSS7.4AI score0.78191EPSS
Exploits5References5
Nuclei
Nuclei
added 2 days ago120 views

TOTOLINK Realtek SD Routers - Remote Command Injection

TOTOLINK Realtek SDK based routers may allow an authenticated attacker to execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0,...

9CVSS7.2AI score0.25135EPSS
Exploits3References5
Nuclei
Nuclei
added 2 days ago100 views

Milesight Routers - Information Disclosure

A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router...

7.5CVSS7AI score0.59342EPSS
Exploits5References5
Nuclei
Nuclei
added 4 days ago214 views

D-Link - Remote Command Execution

A Remote Command Execution RCE vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file id: CVE-2021-45382 info: name: D-Link - Remote Command Execution author: king-alexander severity: critic...

10CVSS7.2AI score0.97836EPSS
Exploits1References5
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42721

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers...

5.3CVSS6AI score0.00238EPSS
Exploits0References2
EUVD
EUVD
added last week7 views

EUVD-2026-42291

An OS command injection vulnerability exists in the sub34984 function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lanipv6prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remo...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References2
EUVD
EUVD
added last week6 views

EUVD-2026-42292

An OS command injection vulnerability exists in the startlltd function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machinename configuration parameter is not properly sanitized, which could allow an authenticated remote...

7.2CVSS6.2AI score0.0128EPSS
Exploits1References2
NVD
NVD
added last week8 views

CVE-2026-24700

An OS command injection vulnerability exists in the startlltd function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machinename configuration parameter is not properly sanitized, which could allow an authenticated remote...

7.2CVSS0.0128EPSS
Exploits1References1
NVD
NVD
added last week8 views

CVE-2026-24699

An OS command injection vulnerability exists in the sub34984 function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lanipv6prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remo...

7.2CVSS0.00957EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 12:0 a.m.11 views

CVE-2026-24698

CVE-2026-24698 concerns an OS command injection in the Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5 / 1.2.2.8) devices. The vulnerability exists in the save_syslog_to_file() function of the Cisco httpd binary, where the model_name configuration parameter is not properly san...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/08 12:0 a.m.32 views

CVE-2026-24700

An OS command injection vulnerability exists in the startlltd function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machinename configuration parameter is not properly sanitized, which could allow an authenticated remote...

0.0128EPSS
Exploits1References1
CVE
CVE
added 2026/07/08 12:0 a.m.9 views

CVE-2026-24699

CVE-2026-24699 affects Cisco routers: RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5/1.2.2.8). The issue is an OS command injection in the sub_34984() function of the rc binary, caused by improper sanitization of the lan_ipv6_prefixlen configuration parameter. This could allow an a...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/08 12:0 a.m.33 views

CVE-2026-24697

An OS command injection vulnerability exists in the startbonjour function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The wanhostname configuration parameter is not properly sanitized, which could allow an authenticated remot...

0.00957EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/07/07 4:50 p.m.85 views

Cisco VPN Routers - Unauthenticated Arbitrary File Upload

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...

9.8CVSS6.9AI score0.88874EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/03 10:20 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS7.4AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack in the TOTP authentication process. An attacker can gain unauthorized access by reusing a previously valid one-time password across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path. Remediation Upgra...

7.1CVSS7.2AI score0.00481EPSS
Exploits0References2
Rows per page
Query Builder