34 matches found
EUVD-2024-47140
Malicious code in bioql PyPI...
EUVD-2023-50521
Malicious code in bioql PyPI...
EUVD-2023-50033
Malicious code in bioql PyPI...
EUVD-2025-22913
Malicious code in bioql PyPI...
CVE-2025-46035
Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint...
CVE-2025-48045
An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials...
CVE-2019-5150
An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. When the "VideoTags" plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could...
CVE-2024-39759
Multiple OS command injection vulnerabilities exist in the login.cgi setsysinit functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A comman...
CVE-2024-39363
A cross-site scripting xss vulnerability exists in the login.cgi setlangCountryCode functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this...
CVE-2024-39363
A cross-site scripting xss vulnerability exists in the login.cgi setlangCountryCode functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this...
CVE-2024-39761
Multiple OS command injection vulnerabilities exist in the login.cgi setsysinit functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A comman...
CVE-2024-39761
Multiple OS command injection vulnerabilities exist in the login.cgi setsysinit functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A comman...
CVE-2024-39759
CVE-2024-39759 affects the Wavlink AC3000 M33A8.V5030.210505 router, where multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() function. The root cause is improper handling of input in the restart_hour_value (and related) POST parameters, which can be invoked by un...
Wavlink AC3000 login.cgi Goto_chidx() buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-2019 Wavlink AC3000 login.cgi Gotochidx buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-36290 SUMMARY A buffer overflow vulnerability exists in the login.cgi Gotochidx functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted...
GoCast OS Command Injection vulnerability
An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-41922
A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
EUVD-2024-39275
A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-45256
An arbitrary file write issue in the exfiltration endpoint in BYOB Build Your Own Botnet 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in fileadd in api/files/routes.py...
CVE-2024-45256
CVE-2024-45256 affects BYOB (Build Your Own Botnet) 2.0. The issue is an arbitrary file write in the exfiltration endpoint (file_add in api/files/routes.py) that lets unauthenticated attackers overwrite SQLite databases and bypass authentication via a crafted HTTP parameter. Several sources confi...
CVE-2024-5017
In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information disclosure...