5.3

CVSS4.0

CVE-2025-67713 - Miniflux 2 has an Open Redirect via protocol-relative `redirect_url`

Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to attacker-โ€ฆ

๐Ÿ“… Published: Dec. 11, 2025, 12:17 a.m. ๐Ÿ”„ Last Modified: Feb. 2, 2026, 3:05 p.m.

8.8

CVSS3.1

CVE-2025-56093 -

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the setWisp in file /usr/lib/lua/luci/modules/wireless.lua.

๐Ÿ“… Published: Dec. 11, 2025, midnight ๐Ÿ”„ Last Modified: Jan. 27, 2026, 5:52 p.m.

8.8

CVSS3.1

CVE-2025-56113 -

OS Command Injection vulnerability in Ruijie RG-YST EST, YSTAP_3.0(1)B11P280YST250F V1.xxV2.xx allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.

๐Ÿ“… Published: Dec. 11, 2025, midnight ๐Ÿ”„ Last Modified: Feb. 11, 2026, 7:38 p.m.

8.8

CVSS3.1

CVE-2025-56107 -

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submit_wifi in file /usr/lib/lua/luci/controller/admin/common_quick_config.lua.

๐Ÿ“… Published: Dec. 11, 2025, midnight ๐Ÿ”„ Last Modified: Dec. 26, 2025, 2:46 p.m.

8.8

CVSS3.1

CVE-2025-56122 -

OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.

๐Ÿ“… Published: Dec. 11, 2025, midnight ๐Ÿ”„ Last Modified: Dec. 23, 2025, 3:35 p.m.

8.8

CVSS3.1

CVE-2025-56120 -

OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.

๐Ÿ“… Published: Dec. 11, 2025, midnight ๐Ÿ”„ Last Modified: Dec. 23, 2025, 3:51 p.m.

8.8

CVSS3.1

CVE-2025-56087 -

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the run_tcpdump in file /usr/lib/lua/luci/controller/admin/common_tcpdump.lua.

๐Ÿ“… Published: Dec. 11, 2025, midnight ๐Ÿ”„ Last Modified: Dec. 26, 2025, 2:47 p.m.

8.8

CVSS3.1

CVE-2025-56084 -

OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.

๐Ÿ“… Published: Dec. 11, 2025, midnight ๐Ÿ”„ Last Modified: Feb. 11, 2026, 7:39 p.m.

8.8

CVSS3.1

CVE-2025-56079 -

OS Command Injection vulnerability in Ruijie RG-EW1300G EW1300G V1.00/V2.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.

๐Ÿ“… Published: Dec. 11, 2025, midnight ๐Ÿ”„ Last Modified: Dec. 26, 2025, 2:32 p.m.

8.8

CVSS3.1

CVE-2025-56077 -

OS Command Injection vulnerability in Ruijie RG-RAP2200(E) 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.

๐Ÿ“… Published: Dec. 11, 2025, midnight ๐Ÿ”„ Last Modified: Dec. 26, 2025, 2:40 p.m.
Total resulsts: 346643
Page 2412 of 34,665
ยซ previous page ยป next page
Filters