OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'enable' parameter in the setLedCfg function of /cgi-bin/cstecgi.cgi. Public exploit code exists (GitHub), making this vulnerability immediately weaponizable with CVSS 9.8 (Critical). EPSS data not available, but no CISA KEV listing indicates no confirmed widespread exploitation despite POC availability.
OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via the setTracerouteCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists on GitHub, significantly lowering the attack barrier. CVSS 9.8 (Critical) with network vector, low complexity, and no authentication required indicates maximum exploitability. While not confirmed in CISA KEV, the public POC makes this an immediate patching priority for affected devices.
OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via crafted requests to the /cgi-bin/cstecgi.cgi endpoint. The vulnerability resides in the setDiagnosisCfg function's insufficient validation of the 'ip' parameter. Publicly available exploit code exists (GitHub POC published), significantly lowering exploitation barriers. CVSS 9.8 (Critical) reflects network-accessible, low-complexity attack requiring no authentication. No vendor-released patch identified at time of analysis.
OS command injection in Totolink A7100RU router firmware (version 7.4cu.2313_b20191024) allows unauthenticated remote attackers to execute arbitrary system commands via the 'enable' parameter in the setAppCfg function of /cgi-bin/cstecgi.cgi. CVSS 9.8 critical severity with network attack vector, low complexity, and no authentication required. Publicly available exploit code exists on GitHub, significantly lowering the barrier to exploitation, though no CISA KEV listing indicates targeted campaigns have not been observed at time of analysis.
OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via the 'proto' parameter in setNetworkCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, significantly lowering the exploitation barrier. CVSS 9.8 (Critical) reflects network-accessible attack requiring no authentication or user interaction.
OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the ttyEnable parameter in the setTtyServiceCfg function of /cgi-bin/cstecgi.cgi. Public exploit code is available (GitHub POC published). CVSS 9.8 critical severity with network vector, low complexity, and no privileges required. No vendor-released patch identified at time of analysis, representing immediate risk to internet-facing devices.
OS command injection in Totolink A7100RU router firmware version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the CGI interface. The setRadvdCfg function in /cgi-bin/cstecgi.cgi fails to sanitize the maxRtrAdvInterval parameter, enabling command injection through crafted HTTP requests. Publicly available exploit code exists on GitHub, significantly lowering exploitation barriers. CVSS 9.8 critical rating reflects network-accessible attack vector with no authentication or user interaction required, enabling full system compromise.
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Stack-based buffer overflow in Tenda F451 router firmware 1.0.0.7 enables authenticated remote attackers to execute arbitrary code with high privileges via crafted 'entrys' parameter to the /goform/addressNat endpoint. The vulnerability resides in the fromAddressNat function of the httpd component. Public exploit code is available (GitHub), with EPSS indicating moderate exploitation probability. Requires low-privilege authentication (PR:L) but has low attack complexity (AC:L), making it accessible to attackers with basic router credentials.
Stack-based buffer overflow in Tenda F451 wireless router (firmware 1.0.0.7_cn_svn7958) allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the frmL7ImForm function handling the 'page' parameter at /goform/L7Im endpoint. Publicly available exploit code exists (GitHub POC published), significantly lowering exploitation barriers. CVSS 8.8 (High) reflects network-accessible attack vector with low complexity, requiring only low-privilege authentication. No vendor-released patch identified at time of analysis.
Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7_cn_svn7958 allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromSetIpBind function accessible via /goform/SetIpBind endpoint, where manipulation of the 'page' parameter triggers memory corruption. Publicly available exploit code exists (GitHub POC published), significantly lowering the barrier to exploitation despite requiring low-privilege authentication. CVSS 8.8 severity reflects network accessibility, low attack complexity, and complete system compromise potential.
Stack-based buffer overflow in Tenda F451 router (version 1.0.0.7_cn_svn7958) allows authenticated remote attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. The vulnerability resides in the fromSafeUrlFilter function handling the 'page' parameter in /goform/SafeUrlFilter endpoint. Publicly available exploit code exists (GitHub POC), significantly lowering exploitation barrier. With CVSS 8.8 (Critical) and low attack complexity, this represents a serious risk to deployed devices, though exploitation requires authenticated access (PR:L) to the router's web interface.
Stack-based buffer overflow in Tenda F451 router firmware 1.0.0.7 allows authenticated remote attackers to achieve complete system compromise via the SafeMacFilter function. The vulnerability is exploitable over the network with low complexity, requiring only basic user credentials. Publicly available exploit code exists (GitHub POC), significantly lowering the barrier for exploitation. CVSS 8.8 (High) severity with potential for code execution, data theft, and device takeover.
Stack-based buffer overflow in Tenda F451 router version 1.0.0.7 allows authenticated remote attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability. The vulnerability resides in the httpd component's frmL7ProtForm function when processing the 'page' parameter in /goform/L7Prot. Publicly available exploit code exists (GitHub POC published), enabling attackers with low-privilege credentials to achieve full system compromise. CVSS 8.8 (High) with low attack complexity and no user interaction required. No vendor-released patch identified at time of analysis.
Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7 allows authenticated remote attackers to achieve full system compromise via crafted HTTP requests to the wireless client configuration endpoint. The vulnerability (CVSS 8.8) exists in the WrlclientSet function within the httpd service and requires only low-privilege authentication. Publicly available exploit code has been published on GitHub, significantly lowering the barrier to exploitation, though no active exploitation is confirmed in CISA KEV at time of analysis.
Stack-based buffer overflow in Tenda F451 router version 1.0.0.7 allows authenticated remote attackers to achieve complete system compromise through the DHCP client list function. The vulnerability exists in the httpd service's /goform/DhcpListClient endpoint via the 'page' parameter. Publicly available exploit code exists (GitHub POC published), enabling low-complexity attacks that can result in full confidentiality, integrity, and availability compromise. CVSS 8.8 reflects high impact across all security objectives with minimal attack complexity, though low-privileged authentication is required.
Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7_cn_svn7958 allows remote authenticated attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability resides in the fromqossetting function's handling of the 'qos' parameter in /goform/qossetting endpoint. Publicly available exploit code (GitHub PoC) significantly lowers the barrier to exploitation. CVSS 7.4 (High) with low attack complexity and network attack vector indicates elevated risk for exposed devices, though low-privilege authentication is required.
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A logic error in the Linux kernel's BPF (Berkeley Packet Filter) verifier allows local attackers with low privileges to exploit verifier/runtime divergence and achieve out-of-bounds map access, enabling arbitrary memory read/write and privilege escalation. The flaw affects the maybe_fork_scalars() function which incorrectly handles BPF_OR operations during state forking, tracking destination register as 0 when the runtime value is K (the constant operand). Patches are available from kernel.org for versions 6.12.80, 6.18.21, 6.19.11, and 7.0-rc5. EPSS score is extremely low (0.01%) and no public exploit or active exploitation has been identified at time of analysis.