CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.16)
A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component due to improper string conversion when reading data from a USB device. A local attacker can connect a maliciously configured USB device during boot sequence, causing GRUB to crash and leading to a Denial of Service (DoS). Data corruption may also be possible, but due to exploit complexity the impact is likely limited.
A use-after-free vulnerability has been identified in GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service.
A Use-after-Free vulnerability has been found in the GRUB2 bootloader's network module. The flaw is caused by improper unregistration of the net_set_vlan command when the module is unloaded from memory. An attacker can exploit this to cause system instability and a complete crash.
A remote command execution (RCE) vulnerability was found in H3C ERG3/ERG5, XiaoBei routers, cloud gateways, and wireless access points. Attackers can inject crafted commands via the sessionid parameter.
A stored cross-site scripting vulnerability was found in SourceCodester Student Grades Management System 1.0. The create_classroom function in /classroom.php fails to sanitize the name/description arguments, allowing script injection.
A flaw was found in libvirt where external inactive snapshots for shut-down VMs are incorrectly created as world-readable, allowing unprivileged users to inspect guest OS contents. This results in an information disclosure vulnerability.
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in the /system/update-run.php file. This allows an attacker to inject malicious JavaScript code that can be executed in the victim's browser.
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal.
The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes.
Serwer Alteryx w wersjach 2022.1.1.42654 i 2024.1 nie weryfikował uprawnień użytkowników do dostępu do określonych identyfikatorów obiektów MongoDB podczas przetwarzania żądań API. Umożliwia to atakującym uzyskanie dostępu do rekordów innych użytkowników, w tym kluczy API administracyjnych i prywatnych kluczy API studia.
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed via system().
A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries. The vulnerability occurs because parsed fields from the /tmp/new_qos.rule configuration file are concatenated into command strings and executed via system() without any sanitization.
A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the USB storage handling module. The issue occurs when the "Serial Number" field from a USB device is read via sscanf into a 64-byte stack buffer, while fgets reads up to 127 bytes, causing a stack overflow.
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM and later used by librcm.so to construct iptables commands executed via twsystem(). An attacker can exploit this vulnerability remotely without authentication by sending a specially crafted HTTP request, leading to arbitrary command execution on the device.
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The issue is in the 'SetDynamicDNSSettings' functionality, where 'ServerAddress' and 'Hostname' parameters are stored in NVRAM and later used to construct system commands executed via twsystem(). An attacker can exploit this remotely without authentication by sending a crafted HTTP request, leading to arbitrary command execution on the device.
A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to six user-supplied CGI parameters matching <parameter>_0~5 into a fixed-size buffer (a2) without proper bounds checking, appending colon delimiters during concatenation. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.
A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit file. The vulnerability occurs because content read from this file is only partially validated for a prefix and then formatted using vsnprintf() before being executed with system(), allowing an attacker with write access to /var/system/linux_vlan_reinit to execute arbitrary commands on the device.
A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). The function sub_4045A8 reads up to 256 bytes from /sys/class/net/%s/address into a local buffer and copies it into caller-provided buffer a1 using strcpy without boundary checks. Since a1 is often allocated with significantly smaller sizes (20-32 bytes), local attackers controlling the contents of /sys/class/net/%s/address can trigger buffer overflows.
An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). User-supplied CGI parameters (wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size) are concatenated into system command strings without proper sanitization and executed via wl_exec_cmd, allowing remote attackers to execute arbitrary commands without authentication.
A stack buffer overflow vulnerability was found in the setDefResponse function of the cstecgi.cgi binary in ToToLink LR1200GB and NR1800X routers. An unauthenticated attacker can send a crafted "IpAddress" parameter, causing a buffer overflow that may lead to arbitrary code execution.

