Lucene search
K

29 matches found

CVE
CVE
added 2026/06/25 1:35 a.m.18 views

CVE-2026-8666

CVE-2026-8666 describes an OS Command Injection in the traceroute action of the Rapid7 InsightConnect Traceroute Plugin on Linux. The vulnerability arises from insufficient input validation when constructing shell commands, allowing remote attackers to execute arbitrary OS commands via parameters...

9.8CVSS6.3AI score0.00675EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/25 12:45 p.m.8 views

CVE-2026-9459 Edimax EW-7438RPn formConnectionSetting stack-based overflow

A security flaw has been discovered in Edimax EW-7438RPn 1.31. This affects the function formConnectionSetting of the file /goform/formConnectionSetting. Performing a manipulation of the argument maxConn/timeOut results in stack-based buffer overflow. It is possible to initiate the attack remotel...

9CVSS7.8AI score0.00751EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/24 7:0 a.m.8 views

CVE-2026-9362 Edimax EW-7438RPn Setting formConnectionSetting command injection

A security vulnerability has been detected in Edimax EW-7438RPn 1.12. This vulnerability affects the function formConnectionSetting of the file /goform/formConnectionSetting of the component Setting Handler. Such manipulation of the argument maxConn/timeOut leads to command injection. The attack...

6.5CVSS6.3AI score0.01158EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2026/05/18 12:0 a.m.7 views

The vulnerability of the Bufferalloc() function in the vm2 package manager’s library allows a attacker to cause a service failure.

The vulnerability of the Bufferalloc function in the vm2 package manager’s library is related to the unlimited distribution of resources when processing the timeout parameter. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS5.8AI score0.00424EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/04/30 5:16 p.m.8 views

CVE-2025-71284

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

9.8CVSS0.05727EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002521)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002521 advisory. The compatsysrecvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIGX86X32 is enabled, allows local users to gain privileges via a recvmmsg...

6.9CVSS6.9AI score0.34649EPSS
Exploits16References22
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-30172

Malicious code in bioql PyPI...

6CVSS6.2AI score0.01034EPSS
Exploits1References2
NVD
NVD
added 2025/06/09 7:15 a.m.18 views

CVE-2025-5865

A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sysselect of the file rt-thread/components/lwp/lwpsyscall.c of the component Parameter Handler. The manipulation of the argument timeout leads to memory corruption. The vendor...

9.8CVSS0.00798EPSS
Exploits1References5
OSV
OSV
added 2025/06/09 6:31 a.m.5 views

CVE-2025-5865 RT-Thread Parameter lwp_syscall.c sys_select memory corruption

A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sysselect of the file rt-thread/components/lwp/lwpsyscall.c of the component Parameter Handler. The manipulation of the argument timeout leads to memory corruption. The vendor...

8.6CVSS6.7AI score0.00798EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/06/09 12:0 a.m.7 views

PT-2025-24408 · Rt-Thread · Rt-Thread

Name of the Vulnerable Software and Affected Versions: RT-Thread version 5.1.0 Description: A critical issue affects the sys select function of the Parameter Handler component in the file rt-thread/components/lwp/lwp syscall.c. The manipulation of the timeout argument leads to memory corruption...

9.8CVSS7.7AI score0.00798EPSS
Exploits1References14
CNNVD
CNNVD
added 2025/06/09 12:0 a.m.4 views

RT-Thread 安全漏洞

RT-Thread is an open source IoT real-time operating system RTOS open-sourced by RT-Thread. RT-Thread suffers from a buffer overflow vulnerability that originates from the operation of the parameter timeout in the file rt-thread/components/lwp/lwpsyscall.c, which can be exploited by an attacker to...

9.8CVSS7.2AI score0.00798EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 3:27 a.m.11 views

CVE-2023-34830

i-doit Open v24 was discovered to contain a reflected cross-site scripting XSS vulnerability via the timeout parameter on the login page...

5.4CVSS6.2AI score0.00651EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/14 5:50 a.m.23 views

CVE-2024-32354

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi...

6CVSS7.9AI score0.01034EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/02/03 12:0 a.m.5 views

Advantive VeraCore 安全漏洞

Advantive VeraCore is a SaaS order and warehouse management software from Advantive. A security vulnerability exists in Advantive VeraCore version 2025.1.0 and earlier, which stems from the presence of an SQL injection in timeoutWarning.asp that allows remote attackers to execute arbitrary SQL...

7.5CVSS10AI score0.50863EPSS
Exploits1References2
CNVD
CNVD
added 2024/05/22 12:0 a.m.5 views

TOTOLINK X5000R timeout parameter command injection vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R timeout parameter, which originates from the failure of the timeout parameter of /cgi-bin/cstecgi.cgi to properly filter constructed command special characters,...

6CVSS7.4AI score0.01034EPSS
Exploits1References1
NVD
NVD
added 2024/05/14 4:17 p.m.30 views

CVE-2024-32354

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi...

6CVSS7.6AI score0.01034EPSS
Exploits1References2
OSV
OSV
added 2024/05/14 4:17 p.m.5 views

CVE-2024-32354

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi...

6CVSS5.8AI score0.01034EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/05/14 3:59 p.m.30 views

CVE-2024-32354

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi...

7.8AI score0.01034EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.2 views

TOTOLINK X5000R 安全漏洞

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R timeout parameter, which originates from the failure of the timeout parameter of /cgi-bin/cstecgi.cgi to properly filter constructed command special characters,...

6CVSS7.8AI score0.01034EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/05/13 12:0 a.m.4 views

PT-2024-24531 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version 9.1.0cu.2350 B20230313 Description: A command injection issue was found in the setSSServer function via the timeout parameter at the "/cgi-bin/cstecgi.cgi" API endpoint. Recommendations: For TOTOLINK X5000R version...

6.2CVSS7.4AI score0.01034EPSS
Exploits1References4
Rows per page
Query Builder