CVE-2026-9459 Edimax EW-7438RPn formConnectionSetting stack-based overflow

A security flaw has been discovered in Edimax EW-7438RPn 1.31. This affects the function formConnectionSetting of the file /goform/formConnectionSetting. Performing a manipulation of the argument maxConn/timeOut results in stack-based buffer overflow. It is possible to initiate the attack remotel...

CVE-2026-9362 Edimax EW-7438RPn Setting formConnectionSetting command injection

A security vulnerability has been detected in Edimax EW-7438RPn 1.12. This vulnerability affects the function formConnectionSetting of the file /goform/formConnectionSetting of the component Setting Handler. Such manipulation of the argument maxConn/timeOut leads to command injection. The attack...

CVE-2025-71284

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002521)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002521 advisory. The compatsysrecvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIGX86X32 is enabled, allows local users to gain privileges via a recvmmsg...

EUVD-2024-30172

Malicious code in bioql PyPI...

CVE-2025-5865

A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sysselect of the file rt-thread/components/lwp/lwpsyscall.c of the component Parameter Handler. The manipulation of the argument timeout leads to memory corruption. The vendor...

CVE-2025-5865

A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sysselect of the file rt-thread/components/lwp/lwpsyscall.c of the component Parameter Handler. The manipulation of the argument timeout leads to memory corruption. The vendor...

RT-Thread 安全漏洞

RT-Thread is an open source IoT real-time operating system RTOS open-sourced by RT-Thread. RT-Thread suffers from a buffer overflow vulnerability that originates from the operation of the parameter timeout in the file rt-thread/components/lwp/lwpsyscall.c, which can be exploited by an attacker to...

PT-2025-24408 · Rt-Thread · Rt-Thread

Name of the Vulnerable Software and Affected Versions: RT-Thread version 5.1.0 Description: A critical issue affects the sys select function of the Parameter Handler component in the file rt-thread/components/lwp/lwp syscall.c. The manipulation of the timeout argument leads to memory corruption...

CVE-2023-34830

i-doit Open v24 was discovered to contain a reflected cross-site scripting XSS vulnerability via the timeout parameter on the login page...

CVE-2024-32354

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi...

Advantive VeraCore 安全漏洞

Advantive VeraCore is a SaaS order and warehouse management software from Advantive. A security vulnerability exists in Advantive VeraCore version 2025.1.0 and earlier, which stems from the presence of an SQL injection in timeoutWarning.asp that allows remote attackers to execute arbitrary SQL...

TOTOLINK X5000R timeout parameter command injection vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R timeout parameter, which originates from the failure of the timeout parameter of /cgi-bin/cstecgi.cgi to properly filter constructed command special characters,...

CVE-2024-32354

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi...

CVE-2024-32354

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi...

CVE-2024-32354

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi...

TOTOLINK X5000R 安全漏洞

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R timeout parameter, which originates from the failure of the timeout parameter of /cgi-bin/cstecgi.cgi to properly filter constructed command special characters,...

PT-2024-24531 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version 9.1.0cu.2350 B20230313 Description: A command injection issue was found in the setSSServer function via the timeout parameter at the "/cgi-bin/cstecgi.cgi" API endpoint. Recommendations: For TOTOLINK X5000R version...

CVE-2023-34830

i-doit Open v24 was discovered to contain a reflected cross-site scripting XSS vulnerability via the timeout parameter on the login page...

CVE-2023-34830

i-doit Open v24 was discovered to contain a reflected cross-site scripting XSS vulnerability via the timeout parameter on the login page...