CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

38 matches found

CVE•added 2026/02/16 2:32 a.m.•6 views

CVE-2026-2530

Summary: CVE-2026-2530 affects the Wavlink WL-WN579A3 router family (versions up to 20210219). The vulnerability resides in the AddMac function of /cgi-bin/wireless.cgi, where manipulating the macAddr argument enables remote command injection. The exploit has been publicly released, and multiple ...

8.8CVSS6.3AI score0.00377EPSS

Exploits1References4Affected Software1

RedhatCVE•added 2025/10/24 12:40 a.m.•3 views

CVE-2025-56008

Cross site scripting XSS vulnerability in KeeneticOS before 4.3 at "Wireless ISP" page allows attackers located near to the router to takeover the device via adding additional users with full permissions...

6.1CVSS6.1AI score0.00029EPSS

Exploits1References1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-25498

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00073EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2025-25152

Malicious code in bioql PyPI...

4.8CVSS4AI score0.00037EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-31172

Malicious code in bioql PyPI...

4.8CVSS6.6AI score0.00301EPSS

Exploits1References1

RedhatCVE•added 2025/09/26 6:41 p.m.•2 views

CVE-2025-10961

A vulnerability was determined in Wavlink NU516U1 M16U1V240425. This affects the function sub4030C0 of the file /cgi-bin/wireless.cgi of the component DeleteMaclist Page. Executing manipulation of the argument deletelist can lead to command injection. The vendor was contacted early about this...

5.5CVSS6.8AI score0.00714EPSS

Exploits1References1

RedhatCVE•added 2025/09/26 5:49 p.m.•2 views

CVE-2025-10958

A flaw has been found in Wavlink NU516U1 M16U1V240425. Impacted is the function sub403010 of the file /cgi-bin/wireless.cgi of the component AddMac Page. This manipulation of the argument macAddr causes command injection. Remote exploitation of the attack is possible. The exploit has been publish...

6.5CVSS6.5AI score0.00581EPSS

Exploits1References1

NVD•added 2025/09/25 6:15 p.m.•3 views

CVE-2025-10960

A vulnerability was found in Wavlink NU516U1 M16U1V240425. The impacted element is the function sub402D1C of the file /cgi-bin/wireless.cgi of the component DeleteMac Page. Performing manipulation of the argument deletelist results in command injection. The attack is possible to be carried out...

8.8CVSS0.00581EPSS

Exploits1References5

RedhatCVE•added 2025/05/23 10:17 a.m.•5 views

CVE-2024-32332

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting XSS vulnerability in WDS Settings under the Wireless Page...

6.1CVSS6AI score0.00182EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 10:17 a.m.•9 views

CVE-2024-32335

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting XSS vulnerability in Access Control under the Wireless Page...

5.4CVSS6AI score0.00165EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:55 a.m.•4 views

CVE-2024-28401

TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting XSS vulnerability in Root Access Control under the Wireless Page...

5.4CVSS6AI score0.00073EPSS

Exploits1References1

OSV•added 2024/05/14 3:37 p.m.•0 views

CVE-2024-33433

Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page...

4.8CVSS6.1AI score0.00301EPSS

Exploits1References1

NVD•added 2024/05/14 3:37 p.m.•12 views

CVE-2024-33433

Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page...

4.8CVSS7AI score0.00301EPSS

Exploits1References1

CVE•added 2024/05/13 7:56 p.m.•62 views

CVE-2024-33433

The CVE-2024-33433 entry concerns TOTOLINK X2000R (pre v1.0.0-B20231213.1013) with a Cross Site Scripting vulnerability in the Wireless Page caused by insufficient filtering/escaping of the Guest Access Control parameter. An attacker could exploit this via a crafted request to execute arbitrary W...

4.8CVSS7.3AI score0.00301EPSS

Exploits1References1Affected Software1

Positive Technologies•added 2024/05/13 12:0 a.m.•1 views

PT-2024-25254 · Totolink · Totolink X2000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X2000R versions prior to v1.0.0-B20231213.1013 Description: The issue allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the "Wireless Page" API endpoint. This enables the attacker to perform...

4.8CVSS8.2AI score0.00301EPSS

Exploits1References2

CNVD•added 2024/04/22 12:0 a.m.•1 views

TOTOLINK N300RT Access Control Feature Cross-Site Scripting Vulnerability

The TOTOLINK N300RT is a wireless router designed for home and small business users. The TOTOLINK N300RT suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the Access Control feature on the Wireless page, which c...

5.4CVSS6.1AI score0.00165EPSS

Exploits1References1

OSV•added 2024/04/18 5:15 p.m.•0 views

CVE-2024-32335

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting XSS vulnerability in Access Control under the Wireless Page...

5.4CVSS5.8AI score

Exploits0References2

NVD•added 2024/04/18 5:15 p.m.•5 views

CVE-2024-32335

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting XSS vulnerability in Access Control under the Wireless Page...

5.4CVSS5.8AI score0.00165EPSS

Exploits1References2