8.8
CVE-2025-59814 - Unauthenticated SQL-injection in password field
This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and ICX510 Gateway Billing Admin endpoint, enabling them to read the entire contents of the Billing Admin database.
5.3
CVE-2025-10963 - Wavlink NU516U1 firewall.cgi sub_4016F0 command injection
A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. Affected is the function sub_4016F0 of the file /cgi-bin/firewall.cgi. The manipulation of the argument del_flag results in command injection. It is possible to launch the attack remotely. The exploit has been released to the pubβ¦
5.3
CVE-2025-10962 - Wavlink NU516U1 SetName wireless.cgi sub_403198 command injection
A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This impacts the function sub_403198 of the file /cgi-bin/wireless.cgi of the component SetName Page. The manipulation of the argument mac_5g leads to command injection. It is possible to initiate the attack remotely. The exploit is pβ¦
5.1
CVE-2025-10961 - Wavlink NU516U1 Delete_Mac_list wireless.cgi sub_4030C0 command injection
A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. This affects the function sub_4030C0 of the file /cgi-bin/wireless.cgi of the component Delete_Mac_list Page. Executing manipulation of the argument delete_list can lead to command injection. The vendor was contacted early about this β¦
5.3
CVE-2025-10960 - Wavlink NU516U1 DeleteMac wireless.cgi sub_402D1C command injection
A vulnerability was found in Wavlink NU516U1 M16U1_V240425. The impacted element is the function sub_402D1C of the file /cgi-bin/wireless.cgi of the component DeleteMac Page. Performing manipulation of the argument delete_list results in command injection. The attack is possible to be carried out rβ¦
5.3
CVE-2025-10959 - Wavlink NU516U1 firewall.cgi sub_401778 command injection
A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. The affected element is the function sub_401778 of the file /cgi-bin/firewall.cgi. Such manipulation of the argument dmz_flag leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the publiβ¦
5.3
CVE-2025-10958 - Wavlink NU516U1 AddMac wireless.cgi sub_403010 command injection
A flaw has been found in Wavlink NU516U1 M16U1_V240425. Impacted is the function sub_403010 of the file /cgi-bin/wireless.cgi of the component AddMac Page. This manipulation of the argument macAddr causes command injection. Remote exploitation of the attack is possible. The exploit has been publishβ¦
8.6
CVE-2025-34227 - Nagios XI < 2026R1 Configuration Wizard Authenticated Command Injection
Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system comβ¦
8.7
CVE-2025-10880 - Insufficiently Protected Credentials in Dingtian DT-R002
All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by sending an unauthenticated GET request.
8.7
CVE-2025-10879 - Insufficiently Protected Credentials in Dingtian DT-R002
All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user's username without authentication.