Lucene search

9635 matches found

CVE
added 2026/05/05 12:30 p.m. | 20 views

CVE-2026-7833

CVE-2026-7833 affects EFM ipTIME C200 firmware up to 1.092. The vulnerability lies in the function sub_408F90 of /cgi/iux_set.cgi (ApplyRestore Endpoint), where improper handling of the RestoreFile argument enables remote command injection. Impact includes high risk to confidentiality, integrity,...

CVSS 8.6 | AI score 6.7 | EPSS 0.02336
Exploits: 0 | References: 4
OSV
added 2026/05/05 12:0 p.m. | 5 views

RUSTSEC-2026-0125 Signature Verification on AVX2 Platforms Mishandles Edge Case

The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...

CVSS 8.2 | AI score 5.8
Exploits: 0 | References: 5
OSV
added 2026/05/05 12:43 a.m. | 8 views

CLSA-2026-1777941808 libcap: Fix of CVE-2026-4878

CVE-2026-4878: fix TOCTOU race in cap_set_file by performing xattr writes via an O_NOFOLLOW file descriptor instead of the user-supplied path...

CVSS 7 | AI score 5.8 | EPSS 0.00188
Exploits: 1 | References: 1
OSV
added 2026/05/05 12:40 a.m. | 5 views

CLSA-2026-1777941636 Fix CVE(s): CVE-2026-4878

SECURITY UPDATE: TOCTOU race in cap_set_file - debian/patches/CVE-2026-4878.patch: lock onto the target file via an O_PATH descriptor and operate via /proc/self/fd/N in libcap/cap_file.c so that file capability changes cannot be redirected to an attacker-controlled file by a local user with write...

CVSS 7 | AI score 5.8 | EPSS 0.00188
Exploits: 1 | References: 1
Positive Technologies
added 2026/05/05 12:0 a.m. | 12 views

PT-2026-37264

Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev100 Description Lack of sanitization in the set package data function allows a user with Perms.MODIFY permissions to specify arbitrary directories as download locations for a package. This occurs when passin...

CVSS 8.1 | AI score 5.9 | EPSS 0.00395
Exploits: 1 | References: 7
ATTACKERKB
added 2026/05/05 12:0 a.m. | 6 views

CVE-2026-36356

The GoAhead web server on MeiG Smart FORGESLT711 devices firmware MDM9607.LE.1.0-00110-STD.PROD-1 allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint...

AI score 5.8 | EPSS 0.15394
Exploits: 3 | References: 4
Oracle linux
added 2026/05/05 12:0 a.m. | 12 views

libcap security update

2.48-6.1 - Fix TOCTOU race condition in cap_set_file CVE-2026-4878 Resolves: RHEL-169304...

CVSS 7 | AI score 5.8 | EPSS 0.00188
Exploits: 1
Snyk
added 2026/05/04 10:7 p.m. | 9 views

Incorrect Authorization

Overview pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Incorrect Authorization in the setconfigvalue process. An attacker can disable outbound TLS peer verification by setting the sslverify configuration to 'off...

CVSS 7.6 | AI score 5.7 | EPSS 0.00174
Exploits: 1 | References: 4
OSV
added 2026/05/04 10:4 p.m. | 4 views

GHSA-HM49-WCQC-G2XG net-imap vulnerable to command Injection via "raw" arguments to multiple commands

Summary Several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. Details Net::IMAP's...

CVSS 5.8 | AI score 5.6 | EPSS 0.00429
Exploits: 0 | References: 12
Snyk
added 2026/05/04 9:25 p.m. | 7 views

Incorrect Type Conversion or Cast

Overview Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast in the DiscoverKeys process. An attacker can cause the application to crash by providing a non-RSA key such as an EC key from a repository JWKS endpoint, which triggers a panic due to an unchecked type...

CVSS 7.1 | AI score 5.8 | EPSS 0.00252
Exploits: 0 | References: 2
RedhatCVE
added 2026/05/04 8:21 p.m. | 6 views

CVE-2026-7683

A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has bee...

CVSS 6.5 | AI score 6.3 | EPSS 0.01543
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/04 8:21 p.m. | 5 views

CVE-2026-7684

A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be...

CVSS 9 | AI score 7.7 | EPSS 0.00481
Exploits: 0 | References: 1
NVD
added 2026/05/04 8:16 p.m. | 10 views

CVE-2026-41923

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit...

CVSS 9.3 | EPSS 0.02615
Exploits: 0 | References: 3
NVD
added 2026/05/04 8:16 p.m. | 11 views

CVE-2026-41922

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the wireless.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the sz11gChannel or PIN POST parameters. Attackers can...

CVSS 9.3 | EPSS 0.04983
Exploits: 0 | References: 3
EUVD
added 2026/05/04 7:12 p.m. | 6 views

EUVD-2026-27121

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the settime or StartSniffer functions. Attackers can...

CVSS 9.3 | AI score 6.1 | EPSS 0.02707
Exploits: 0 | References: 3
CVE
added 2026/05/04 7:12 p.m. | 24 views

CVE-2026-41924

CVE-2026-41924 affects WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02). The vulnerability is an OS command injection in the makeRequest.cgi binary, allowing unauthenticated remote attackers to execute arbitrary shell commands by injecting crafted input into the set_time or StartSniffer fun...

CVSS 9.3 | AI score 6.1 | EPSS 0.02707
Exploits: 0 | References: 3
Vulnrichment
added 2026/05/04 7:10 p.m. | 7 views

CVE-2026-41923 WDR201A WiFi Extender OS Command Injection via internet.cgi

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit...

CVSS 9.3 | AI score 6.1 | EPSS 0.02615
Exploits: 0 | References: 3
EUVD
added 2026/05/04 7:10 p.m. | 7 views

EUVD-2026-27120

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit...

CVSS 9.3 | AI score 6.1 | EPSS 0.02615
Exploits: 0 | References: 3
CVE
added 2026/05/04 7:10 p.m. | 14 views

CVE-2026-41923

CVE-2026-41923 affects the WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02). The vulnerability is an OS command injection in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter....

CVSS 9.3 | AI score 6.1 | EPSS 0.02615
Exploits: 0 | References: 3
Cvelist
added 2026/05/04 7:10 p.m. | 32 views

CVE-2026-41923 WDR201A WiFi Extender OS Command Injection via internet.cgi

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit...

CVSS 9.3 | EPSS 0.02615
Exploits: 0 | References: 3