Lucene search
K

104 matches found

NVD
NVD
added 2026/07/02 1:17 p.m.9 views

CVE-2026-58652

luci-app-travelmate and the travelmate package contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to...

7.7CVSS0.00482EPSS
Exploits0References7
CVE
CVE
added 2026/07/02 12:28 p.m.21 views

CVE-2026-58652

The issue affects luci-app-travelmate and the travelmate package. A LuCI/rpcd session with the luci-app-travelmate write ACL gains config-wide UCI write access to the travelmate configuration, and the backend travelmate service (running as root) reads raw UCI values for script and script_args and...

7.7CVSS6.1AI score0.00482EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/02 12:28 p.m.8 views

EUVD-2026-41366

luci-app-travelmate and the travelmate package contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to...

7.7CVSS6.1AI score0.00482EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/02 12:28 p.m.37 views

CVE-2026-58652 luci-app-travelmate - Arbitrary Command Execution via UCI Script Parameter

luci-app-travelmate and the travelmate package contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to...

7.7CVSS0.00482EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/02 12:28 p.m.9 views

CVE-2026-58652

luci-app-travelmate and the travelmate package contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to...

7.7CVSS6.1AI score0.00482EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/07/02 12:28 p.m.4 views

CVE-2026-58652 luci-app-travelmate - Arbitrary Command Execution via UCI Script Parameter

luci-app-travelmate and the travelmate package contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to...

7.7CVSS6.2AI score0.00482EPSS
Exploits0References9
NVD
NVD
added 2026/05/18 6:17 p.m.18 views

CVE-2023-24215

Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...

9.1CVSS0.0024EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/18 12:0 a.m.10 views

CVE-2023-24215

Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...

5.8AI score0.0024EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/18 12:0 a.m.41 views

CVE-2023-24215

Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...

0.0024EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.12 views

NOVUS Automation AirGate 4G firmware 安全漏洞

NOVUS Automation AirGate 4G firmware is an industrial IoT gateway firmware system developed by NOVUS Automation in Brazil. Version 1.1.16 of NOVUS Automation AirGate 4G firmware contains a security vulnerability. This vulnerability stems from improper endpoint access control in the /uci/get/...

9.1CVSS5.8AI score0.0024EPSS
Exploits1References2
CVE
CVE
added 2026/05/18 12:0 a.m.16 views

CVE-2023-24215

CVE-2023-24215 concerns the NOVUS AirGate 4G firmware v1.1.16, where an incorrect access control on the /uci/get/ endpoint allows unauthenticated attackers to obtain administrator credentials via a crafted POST request. The CVSS3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) yields a base score ...

9.1CVSS5.8AI score0.0024EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/18 12:0 a.m.8 views

CVE-2023-24215

Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...

9.1CVSS5.8AI score0.0024EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.19 views

PT-2026-41704

Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...

5.8AI score0.0024EPSS
Exploits1References4
NVD
NVD
added 2026/02/23 8:28 p.m.14 views

CVE-2025-70329

TOTOLink X5000R v9.1.0cu2415B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 and other vlanVidLanX parameters are retrieved via UciGetStr and passed to the CsteSystem function without adequate validation or...

8CVSS0.03183EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.15 views

EUVD-2015-8826

Malware in sbrugna...

9.8CVSS8.6AI score0.03762EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-5784

Malicious code in bioql PyPI...

5.5CVSS6.6AI score0.00096EPSS
Exploits0References2
CNVD
CNVD
added 2025/09/29 12:0 a.m.2 views

D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23368)

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability, which originates from the incorrect operation of the function ucidel on the parameter delvalue in the file /goform/deleteprohibiting, which can be exploited by an...

8.8CVSS7AI score0.04125EPSS
Exploits1References1
CVE
CVE
added 2025/09/28 6:32 a.m.19 views

CVE-2025-11100

CVE-2025-11100 affects D-Link DIR-823X (firmware 250416). The uci_set function in /goform/set_wifi_blacklists is vulnerable to remote command injection; exploitation can occur over the network and a public exploit exists. Several sources (NVD, Red Hat, CNVD, CVE lists) confirm remote exploitation...

8.8CVSS6.8AI score0.04125EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/09/28 6:32 a.m.22 views

CVE-2025-11100 D-Link DIR-823X set_wifi_blacklists uci_set command injection

A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uciset of the file /goform/setwifiblacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.5CVSS0.04125EPSS
Exploits1References5
OSV
OSV
added 2025/09/28 6:15 a.m.4 views

CVE-2025-11099

A vulnerability was determined in D-Link DIR-823X 250416. The impacted element is the function ucidel of the file /goform/deleteprohibiting. This manipulation of the argument delvalue causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed...

8.8CVSS5.7AI score
Exploits0References5
Rows per page
Query Builder