Lucene search
+L

103 matches found

nvd
nvd
added 2 days ago5 views

CVE-2026-62947

OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, the cgi-download handler in cgi-io authorizes the requested path against the caller's ubus session file ACL before canonicalization, and rpcd session.c uses fnmatch without FNMPATHNAME, allowing traversal such as an...

4.9CVSS0.00358EPSS
Exploits0References4
euvd
euvd
added 2 days ago6 views

EUVD-2026-44756

OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, the cgi-download handler in cgi-io authorizes the requested path against the caller's ubus session file ACL before canonicalization, and rpcd session.c uses fnmatch without FNMPATHNAME, allowing traversal such as an...

4.9CVSS6.1AI score0.00358EPSS
Exploits0References4
nvd
nvd
added 2026/06/29 7:16 p.m.9 views

CVE-2026-58000

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration...

8.8CVSS0.01401EPSS
Exploits0References3
euvd
euvd
added 2026/06/29 6:16 p.m.7 views

EUVD-2026-40172

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration...

8.8CVSS6AI score0.01401EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/29 12:0 a.m.23 views

PT-2026-53683

Name of the Vulnerable Software and Affected Versions luci-proto-openvpn versions prior to 0.11.1 Description An authenticated LuCI user with OpenVPN protocol configuration access can execute arbitrary commands as root. This occurs because the generateKey ubus method interpolates the cl meta...

8.8CVSS6.1AI score0.01401EPSS
Exploits0References7
nvd
nvd
added 2026/05/26 3:16 p.m.18 views

CVE-2026-46368

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS0.06582EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/26 2:8 p.m.10 views

CVE-2026-46368

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS6.1AI score0.06582EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/26 12:0 a.m.27 views

PT-2026-43259

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS6.1AI score0.06582EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/01/09 9:2 a.m.5 views

CVE-2023-25085

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8.1AI score0.0146EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 9:2 a.m.4 views

CVE-2023-25104

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8.2AI score0.0146EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 9:2 a.m.7 views

CVE-2023-25087

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8.1AI score0.0146EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 9:2 a.m.5 views

CVE-2023-25115

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8.1AI score0.0146EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 9:2 a.m.5 views

CVE-2023-25083

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8.1AI score0.0146EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 9:1 a.m.4 views

CVE-2023-25093

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8.1AI score0.0146EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 9:1 a.m.6 views

CVE-2023-25103

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8.1AI score0.0146EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 9:1 a.m.6 views

CVE-2023-25121

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8.1AI score0.0146EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 9:1 a.m.6 views

CVE-2023-25086

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8.1AI score0.0146EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 9:1 a.m.5 views

CVE-2023-25112

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8.1AI score0.0146EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 9:1 a.m.4 views

CVE-2023-25123

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8.1AI score0.0146EPSS
Exploits1References1
cvelist
cvelist
added 2025/10/22 2:59 p.m.11 views

CVE-2025-62526 OpenWrt ubusd vulnerable to heap buffer overflow

OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap buffer overflow in the event registration parsing code. This allows an attacker to modify the head and potentially execute arbitrary code in the context of the ubus daemon. The...

7.9CVSS0.00245EPSS
Exploits0References7
Rows per page
Query Builder