NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.

...

AZL-70046 CVE-2025-59777 affecting package libmicrohttpd for versions less than 0.9.77-4

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service DoS...

EUVD-2025-41747

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service DoS...

EUVD-2024-54893

Malicious code in bioql PyPI...

Exploit for CVE-2024-29671

NEXTU FLETA Wifi6 Router RCE Exploit POC This document...

CVE-2024-45827

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may execute an arbitrary OS command...

CVE-2024-46503

...

CVE-2024-4309

HubBank CVE-2024-4309 is a SQL injection in HubBank v1.0.2 affecting parameterized id values on endpoints /user/transaction.php?id=1, /user/credit-debit_transaction.php?id=1, /user/view_transaction.php?id=1, and /user/viewloantrans.php?id=1. Root cause: improper handling of user input leading to ...

CVE-2023-51987

D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords...

Command injection

D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. allows remote attackers to execute arbitrary commands via shell...

CVE-2023-51984

CVE-2023-51984 affects D-Link DIR-822+ (V1.0.2). The vulnerability is a command injection in the SetStaticRouteSettings function that allows remote attackers to execute arbitrary commands via the shell. Sources from multiple feeds (NVD, Red Hat, CNVD, CNNVD, CVE List) corroborate the impact descr...

CVE-2023-51989

...

CVE-2023-51989

CVE-2023-51989 is a reservation/duplicate entry, but connected documents describe a concrete issue: D-Link DIR-822+ (firmware v1.0.2) suffers a login bypass in the HNAP1 interface, allowing login to administrator accounts with empty passwords due to missing authentication for a critical function....

CVE-2023-51987

CVE-2023-51987 affects D-Link DIR-822+ router (V1.0.2). The HNAP1 interface contains a login bypass that lets an attacker log in to an administrator account using an empty password. Root cause: missing authentication in HNAP1. Impact: potential unauthorized admin access with high confidentiality,...

Command injection

Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint...

CVE-2023-28424 Soko SQL Injection vulnerability

Soko if the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, Search and SearchFeed, implemented in pkg/app/handler/packages/search.go, are affected by a SQL injection via the q parameter. As a result, unauthenticated attackers can execute arbitrary SQ...

CVE-2022-1673

The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the errorenvision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability...

CVE-2022-28995

Rengine v1.0.2 was discovered to contain a remote code execution RCE vulnerability via the yaml configuration function...

CVE-2022-28995

Rengine v1.0.2 was discovered to contain a remote code execution RCE vulnerability via the yaml configuration function...

Remote code execution

Rengine v1.0.2 was discovered to contain a remote code execution RCE vulnerability via the yaml configuration function...