Aggregator

CVE-2025-1612 | Edimax BR-6288ACL 1.30 wireless5g_basic.asp SSID cross site scripting

VulDB Recent Entries
9 months 3 weeks ago
A vulnerability was found in Edimax BR-6288ACL 1.30. It has been declared as problematic. This vulnerability affects unknown code of the file wireless5g_basic.asp. The manipulation of the argument SSID leads to cross site scripting. This vulnerability was named CVE-2025-1612. The attack can be initiated remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-1611 | ShopXO up to 6.4.0 Template ThemeAdminService.php injection

VulDB Recent Entries
9 months 3 weeks ago
A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. This vulnerability is uniquely identified as CVE-2025-1611. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-1610 | LB-LINK AC1900 Router 1.0.2 /goform/set_blacklist websGetVar mac/enable os command injection

VulDB Recent Entries
9 months 3 weeks ago
A vulnerability was found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this issue is the function websGetVar of the file /goform/set_blacklist. The manipulation of the argument mac/enable leads to os command injection. This vulnerability is handled as CVE-2025-1610. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-1609 | LB-LINK AC1900 Router 1.0.2 /goform/set_cmd websGetVar os command injection

VulDB Recent Entries
9 months 3 weeks ago
A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this vulnerability is the function websGetVar of the file /goform/set_cmd. The manipulation of the argument cmd leads to os command injection. This vulnerability is known as CVE-2025-1609. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-1608 | LB-LINK AC1900 Router 1.0.2 /goform/set_manpwd websGetVar routepwd  os command injection

VulDB Recent Entries
9 months 3 weeks ago
A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/set_manpwd. The manipulation of the argument routepwd  leads to os command injection. This vulnerability is traded as CVE-2025-1608. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-1607 | SourceCodester Best Employee Management System 1.0 /admin/salary_slip.php id authorization

VulDB Recent Entries
9 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in SourceCodester Best Employee Management System 1.0. This issue affects some unknown processing of the file /admin/salary_slip.php. The manipulation of the argument id leads to authorization bypass. The identification of this vulnerability is CVE-2025-1607. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-1606 | SourceCodester Best Employee Management System 1.0 backups.php information disclosure

VulDB Recent Entries
9 months 3 weeks ago
A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-1606. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2024-13728 | scottpaterson Accept Donations with PayPal & Stripe Plugin up to 1.4.4 on WordPress rf cross site scripting

VulDB Recent Entries
9 months 3 weeks ago
A vulnerability classified as problematic has been found in scottpaterson Accept Donations with PayPal & Stripe Plugin up to 1.4.4 on WordPress. This affects an unknown part. The manipulation of the argument rf leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-13728. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2024-50377 | Advantech EKI-6333AC-2G/EKI-6333AC-2GD/EKI-6333AC-1GPO Backup Configuration os command injection

Vuldb Updates
9 months 3 weeks ago
A vulnerability was found in Advantech EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO. It has been classified as critical. Affected is an unknown function of the component Backup Configuration Handler. The manipulation leads to os command injection. This vulnerability is traded as CVE-2024-50377. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com

CVE-2024-50376 | Advantech EKI-6333AC-2G/EKI-6333AC-2GD/EKI-6333AC-1GPO SSID os command injection

Vuldb Updates
9 months 3 weeks ago
A vulnerability was found in Advantech EKI-6333AC-2G, EKI-6333AC-2GD and EKI-6333AC-1GPO. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component SSID Handler. The manipulation leads to os command injection. This vulnerability is known as CVE-2024-50376. The attack needs to be done within the local network. There is no exploit available.
vuldb.com

Managed ad