An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted parame
OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allow
Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may o
A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device exec
An error related to the 2-factor authorization (2FA) on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to bypass the 2FA. The vulnerability requires that the 2FA s
Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files v
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipu
An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without prov
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the cloudupdate_check binary, specifically in the sub_402414 function that handles cloud up
A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may b
A vulnerability in a system binary of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to inject commands into the underlying operating system while using the CLI. Successful e
An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the samba_wg and samba_nbn parameters. This vulnerability allows attackers to execute arbitrary operating system (OS)
A security vulnerability has been detected in CloudPanel Community Edition up to 2.5.1. The affected element is an unknown function of the file /admin/users of the component HTTP Header Handler. Such
An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.
A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbi
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypa
A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for the SSH server of
ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, potentially could enable an authenti
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in broken access control has been identified in the /api/v1/setting
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive