10 matches found
CVE-2026-30874
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...
EUVD-2026-13378
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...
CVE-2026-30874
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...
CVE-2026-30872
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the matchipv6addresses function, triggered when processing PTR queries for IPv6 reverse DNS domains .ip6.arpa receiv...
CVE-2026-30873 OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jpgettoken function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...
CVE-2026-30873 OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jpgettoken function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...
PT-2026-26382
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp get token function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...
PT-2026-26380
Name of the Vulnerable Software and Affected Versions OpenWrt Project versions prior to 24.10.6 and versions prior to 25.12.1 Description The OpenWrt Project, a Linux operating system for embedded devices, is affected by a Stack-based Buffer Overflow in the mdns daemon. The issue resides within t...
OpenWrt 安全漏洞
OpenWrt is an open-source Linux operating system designed for embedded devices. Versions of OpenWrt prior to 24.10.6 contained security vulnerabilities. These vulnerabilities were caused by a bypass of environment variable filtering in the hotplugcall function, which could lead to privilege...
CVE-2025-8432 CentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRON
Incorrect Default Permissions vulnerability in Centreon Infra Monitoring MBI modules allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15...