Linksys WUMC710 Command Injection Vulnerability

The Linksys WUMC710 is a universal media connector from Linksys USA. A command injection vulnerability exists in the Linksys WUMC710 Wireless-AC Universal Media Connector version 1.0.02 build3 and prior versions. The vulnerability stems from the dosetNTP function in the httpd binary that uses...

EUVD-2022-42743

The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers...

CVE-2019-11180

Insufficient input validation in IntelR Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access...

Teltonika RUT9XX Unauthenticated OS Command Injection Exploit

Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges...