16813 matches found

EUVD
added 2025/11/13 9:31 p.m. | 4 views

EUVD-2025-175365

A command injection vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the system.so binary. The setDiagnosisCfg function retrieves the ipDoamin parameter from user input via websGetVar and concatenates it directly into a ping system command executed via...

7.9 AI score | 0.02272 EPSS
Exploits: 1 | References: 4
OSV
added 2025/11/13 8:15 p.m. | 3 views

CVE-2025-60702

A command injection vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the system.so binary. The setDiagnosisCfg function retrieves the ipDoamin parameter from user input via websGetVar and concatenates it directly into a ping system command executed via...

6.5 CVSS | 6.2 AI score | 0.02272 EPSS
Exploits: 1 | References: 3
EUVD
added 2025/11/13 6:31 p.m. | 5 views

EUVD-2025-175335

A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user input. An...

6.1 CVSS | 5.7 AI score | 0.00191 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/11/13 6:31 p.m. | 5 views

EUVD-2025-175329

A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit...

4.7 CVSS | 6.2 AI score | 0.0021 EPSS
Exploits: 0 | References: 2
NVD
added 2025/11/13 6:15 p.m. | 3 views

CVE-2025-60697

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the prog.cgi and rc binaries. The sub_4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvram_safe_set. These values are later retrieved in th...

7.3 CVSS | 0.03307 EPSS
Exploits: 1 | References: 4
NVD
added 2025/11/13 6:15 p.m. | 5 views

CVE-2025-60698

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the prog.cgi and rc binaries. The sub_432F60 function in prog.cgi stores user-supplied SetSysLogSettings/IPAddress values in NVRAM via nvram_safe_set("SysLogRemoteIPAddress", ...). These values are...

7.3 CVSS | 0.03402 EPSS
Exploits: 1 | References: 4
OSV
added 2025/11/13 6:15 p.m. | 5 views

CVE-2025-60697

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the prog.cgi and rc binaries. The sub_4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvram_safe_set. These values are later retrieved in th...

7.3 CVSS | 6.2 AI score | 0.03307 EPSS
Exploits: 1 | References: 4
NVD
added 2025/11/13 5:15 p.m. | 5 views

CVE-2025-20353

A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user input. An...

6.1 CVSS | 0.00191 EPSS
Exploits: 0 | References: 1
NVD
added 2025/11/13 5:15 p.m. | 8 views

CVE-2025-20355

A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit...

4.7 CVSS | 0.0021 EPSS
Exploits: 0 | References: 1
NVD
added 2025/11/13 5:15 p.m. | 9 views

CVE-2025-20349

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker...

8.8 CVSS | 0.00317 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/13 4:18 p.m. | 3 views

CVE-2025-20355 Cisco Catalyst Center Software HTTP Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit...

4.7 CVSS | 6.4 AI score | 0.0021 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/13 4:18 p.m. | 3 views

CVE-2025-20353 Cisco Catalyst Center Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user input. An...

6.1 CVSS | 5.8 AI score | 0.00191 EPSS
Exploits: 0 | References: 1
CVE
added 2025/11/13 4:18 p.m. | 17 views

CVE-2025-20353

The CVE-2025-20353 issue affects Cisco Catalyst Center web-based management interface. It is caused by insufficient validation of user input, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack by convincing a user to click a crafted link. Successful exploi...

6.1 CVSS | 5.8 AI score | 0.00191 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2025/11/13 4:15 p.m. | 3 views

CVE-2025-60684

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB V9.1.0u.6619B20230130 and NR1800X V9.1.0u.6681B20230703 Router firmware within the cstecgi.cgi binary sub_42F32C function. The web interface reads the "lang" parameter and constructs Help URL strings using sprintf into fixed-siz...

6.5 CVSS | 6.6 AI score | 0.00519 EPSS
Exploits: 1 | References: 3
CVE
added 2025/11/13 12:0 a.m. | 14 views

CVE-2025-60697

Affects: D-Link DIR-882 router firmware (DIR882A1_FW102B02). Vulnerable path: prog.cgi (sub_4438A4) stores user-controlled DDNS fields (ServerAddress, Hostname) in NVRAM via nvram_safe_set; rc (start_DDNS_ipv4) reads them via nvram_safe_get, concatenates into DDNS commands, and executes with twsy...

7.3 CVSS | 8.2 AI score | 0.03307 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2025/11/13 12:0 a.m. | 12 views

CVE-2025-60699

Summary: CVE-2025-60699 concerns TOTOLINK A950RG router firmware (V5.9c.4592_B20191022_ALL) with a buffer overflow in the global.so binary. The getSaveConfig function reads the http_host parameter via websGetVar and copies it into a fixed-size stack buffer (v13) using strcpy() without length chec...

6.5 CVSS | 8 AI score | 0.00751 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Positive Technologies
added 2025/11/13 12:0 a.m. | 5 views

PT-2025-46882

Name of the Vulnerable Software and Affected Versions: D-Link DIR-882 Router firmware version DIR882A1_FW102B02. Description: A command injection issue exists in the D-Link DIR-882 Router firmware. The sub_432F60 function within the prog.cgi binary stores user-supplied SetSysLogSettings/IPAddress...

7.3 CVSS | 8.2 AI score | 0.03402 EPSS
Exploits: 1 | References: 6
Vulnrichment
added 2025/11/13 12:0 a.m. | 4 views

CVE-2025-60701

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the prog.cgi and rc binaries. The sub_433188 function in prog.cgi stores user-supplied email configuration parameters EmailFrom, EmailTo, SMTPServerAddress, SMTPServerPort, AccountName in NVRAM v...

8.1 AI score | 0.0273 EPSS
Exploits: 1 | References: 4
Positive Technologies
added 2025/11/13 12:0 a.m. | 7 views

PT-2025-46853

Name of the Vulnerable Software and Affected Versions: Cisco Catalyst Center (affected versions not specified). Description: A flaw exists in the REST API of Cisco Catalyst Center that could allow a remote attacker with valid credentials (at least Observer role) to execute arbitrary commands within a...

6.3 CVSS | 7 AI score | 0.00317 EPSS
Exploits: 0 | References: 4
Cvelist
added 2025/11/13 12:0 a.m. | 10 views

CVE-2025-60700

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the prog.cgi and librcm.so binaries. The sub_4455BC function in prog.cgi stores user-supplied SetDMZSettings/IPAddress values in NVRAM via nvram_safe_set("dmzipaddr", ...). These values are later...

0.0273 EPSS
Exploits: 1 | References: 4