CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: k8sgpt-operator, pulumi, trivy-operator, external-secrets-operator, step-issuer, kube-logging-operator-custom-runner, nsc, kubescape-operator, volume-modifier-for-k8s, mailpit, mongo-tools, mountpoint-s3-csi-driver, step-ca, tkn, knative-operator, wal-g,...

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-cognitoidentity, knative-net-istio-fips, apache-exporter, flux-source-watcher-fips, tetragon-fips, prometheus-postgres-exporter, gpu-operator, secrets-store-csi-driver, esbuild-fips, malcontent, thanos-operator-fips, vexctl, bank-vaults-fips,...

Exploit for CVE-2025-65753

CVE-2025-65753 Proof of concept for CVE-2025-65753: Remote co...

CVE-2025-12946

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques MiTM to manipulate DNS responses and execute commands when speedtests are run. This issue...

EUVD-2025-202283

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques MiTM to manipulate DNS responses and execute commands when speedtests are run. This issue...

CVE-2025-12946

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques MiTM to manipulate DNS responses and execute commands when speedtests are run. This issue...

CVE-2025-12946

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques MiTM to manipulate DNS responses and execute commands when speedtests are run. This issue...

CVE-2025-12946 Improper input validation in NETGEAR Nighthawk routers

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques MiTM to manipulate DNS responses and execute commands when speedtests are run. This issue...

CVE-2025-12946

CVE-2025-12946 affects NETGEAR Nighthawk routers and related models (RS700, RAX54Sv2, RAX41v2, RAX50, RAXE500, RAX41, RAX43, RAX35v2, RAXE450, RAX43v2, RAX42, RAX45, RAX50v2, MR90, MS90, RAX42v2, RAX49S). Root cause is improper input validation in the speedtest feature, enabling WAN-side attacker...

CVE-2025-12946 Improper input validation in NETGEAR Nighthawk routers

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques MiTM to manipulate DNS responses and execute commands when speedtests are run. This issue...

PT-2025-50105

Name of the Vulnerable Software and Affected Versions NETGEAR Nighthawk routers versions 1.0.7.82 and earlier NETGEAR RAX54Sv2 versions before V1.1.6.36 NETGEAR RAX41v2 versions before V1.1.6.36 NETGEAR RAX50 versions before V1.2.14.114 NETGEAR RAXE500 versions before V1.2.14.114 NETGEAR RAX41...

NETGEAR多款产品 安全漏洞

NETGEAR Nighthawk is a series of wireless routers from NETGEAR. A security vulnerability exists in various NETGEAR products that stems from improper input validation for the speedtest feature, which could allow an attacker to use man-in-the-middle techniques to manipulate DNS responses and execut...

EUVD-2022-52210

Malicious code in bioql PyPI...

CVE-2022-4957

A vulnerability was found in librespeed speedtest up to 5.2.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file results/stats.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely...

CVE-2025-22871 vulnerabilities

Vulnerabilities for packages: guac, external-secrets-operator, step-issuer, tfsec, volume-modifier-for-k8s, mailpit, glab, metallb, gosu, mongo-tools, rootlesskit, wireguard-go, tkn, fulcio, hivemind, wazero, age, rabbitmq-cluster-operator, kapp-controller, wire-go, etcd, vault-k8s, git-lfs,...

GHSA-G9PC-8G42-G6VQ vulnerabilities

Vulnerabilities for packages: guac, external-secrets-operator, step-issuer, tfsec, volume-modifier-for-k8s, mailpit, glab, metallb, gosu, mongo-tools, rootlesskit, wireguard-go, tkn, fulcio, hivemind, wazero, age, rabbitmq-cluster-operator, kapp-controller, wire-go, etcd, vault-k8s, git-lfs,...

CVE-2025-22871 vulnerabilities

Vulnerabilities for packages: metallb-fips, terraform-provider-grafana-fips, prometheus-postgres-exporter, amazon-k8s-cni, esbuild-fips, malcontent, cfssl, thanos-operator-fips, bank-vaults-fips, request-1279-14, neuvector-scanner, crossplane-fips, vexctl, opentofu, cilium-envoy, esbuild,...

EnGenius EnStation5-AC A8J-ENS500AC 安全漏洞

The EnGenius EnStation5-AC A8J-ENS500AC is a wireless access point from EnGenius. A security vulnerability exists in the EnGenius EnStation5-AC A8J-ENS500AC version 1.0.0, which originates from allowing blind injection of operating system commands via shell metacharacters in the parameters Ping a...

CVE-2024-32890

The CVE-2024-32890 entry describes a stored cross-site scripting (XSS) in LibreSpeed speedtest. Affected are LibreSpeed speedtest instances running version 5.2.5 or higher with telemetry enabled. The vulnerability arises from missing neutralization in the ispinfo.processedString field of the tele...

CVE-2024-32890 Stored Cross-site Scripting in results JSON API in librespeed/speedtest

librespeed/speedtest is an open source, self-hosted speed test for HTML5. In affected versions missing neutralization of the ISP information in a speedtest result leads to stored Cross-site scripting in the JSON API. The processedString field in the ispinfo parameter is missing neutralization. It...