5.3
CVE-2025-9583 - Comfast CF-N1 webmgnt ping_config command injection
A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function ping_config of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
7.5
CVE-2025-6203 - Vault unauthenticated denial of service through complex json payload
A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault's auditing subroutine, potentially resulting in the Vault server to become unrespon…
5.3
CVE-2025-9582 - Comfast CF-N1 webmgnt ntp_timezone command injection
A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntp_timezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used.
5.3
CVE-2025-9581 - Comfast CF-N1 webmgnt multi_pppoe command injection
A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multi_pppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phy_interface results in command injection. The attack may be initiated remotely. The exploit is now public and may be used.
5.3
CVE-2025-9580 - LB-LINK BL-X26 HTTP set_blacklist os command injection
A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/set_blacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been disclo…
5.3
CVE-2025-9579 - LB-LINK BL-X26 HTTP set_hidessid_cfg os command injection
A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/set_hidessid_cfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been ma…
2
CVE-2025-9577 - TOTOLINK X2000R Administrative shadow.sample default credentials
A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this natur…
5.1
CVE-2025-31971 - AIML Solutions for HCL SX is susceptible to a URL validation vulnerability
AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability. The issue may allow attackers to launch a server-side request forgery (SSRF) attack enabling unauthorized network calls from the system, potentially exposing internal services or sensitive information.
2
CVE-2025-9576 - seeedstudio ReSpeaker Administrative shadow default credentials
A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of default credentials. An attack has to be approached locally. A high degree of complexity is needed …
5.3
CVE-2025-9575 - Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 upload.cgi cgiMain os command injection
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function cgiMain of the file /cgi-bin/upload.cgi. Executing manipulation of the argument filename can lead to os command inject…