4 matches found
CVE-2026-36829
An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and...
Arbitrary Command Injection
Elysia is vulnerable to Arbitrary Command Injection. The vulnerability is due to unsanitized injection of dynamic cookie configuration into compiled routes, which allows an attacker with write access to the cookie configuration to inject and execute arbitrary code...
EUVD-2020-28811
Malware in sbrugna...
CVE-2022-4221 OS command injection in ASUS M25 NAS
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7...