Lontan0

#8489of 53,630
32.4Total CVSS
Vulnerabilities · 4
Medium
1
High
2
Critical
1
PT-2026-6994
9.0
2026-02-04
D Link · Dir-600M · CVE-2026-2163
**Name of the Vulnerable Software and Affected Versions** D-Link DIR-600 versions prior to 2.15WWb02 **Description** A flaw exists in D-Link DIR-600 firmware up to version 2.15WWb02 related to the `ssdp.cgi` file. Manipulation of the `HTTP ST/REMOTE ADDR/REMOTE PORT/SERVER ID` argument can lead to command injection. This issue is remotely exploitable. The exploit is publicly available. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** Update to a version prior to 2.15WWb02.
PT-2025-53654
10
2025-12-25
D Link · Dir-600M · CVE-2025-15194
**Name of the Vulnerable Software and Affected Versions** D-Link DIR-600 versions prior to 2.15WWb02 **Description** A stack-based buffer overflow exists in the HTTP Header Handler component of D-Link DIR-600. The issue is due to the manipulation of the `Cookie` argument within the `hedwig.cgi` file. This allows for remote exploitation. The exploit has been made public. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-33148
8.8
2025-08-03
D Link · D-Link Dir-818Lw · CVE-2025-8956
Name of the Vulnerable Software and Affected Versions: D-Link DIR-818L versions up to 1.05B01 Description: A vulnerability exists in D-Link DIR-818L that allows for remote command injection. The issue is located within the `getenv` function of the `/htdocs/cgibin` file, specifically in the `ssdpcgi` component. The exploit for this issue has been publicly disclosed. Recommendations: Update D-Link DIR-818L to a version later than 1.05B01.
PT-2025-21602
4.6
2025-05-16
Code Projects · Employee Records System · CVE-2025-4744
Name of the Vulnerable Software and Affected Versions: code-projects Employee Record System version 1.0 Description: A problematic issue has been found in the Employee Record System, affecting some unknown functionality of the file dashboardedit employee.php. The manipulation of the arguments `employeed id`, `first name`, `middle name`, and `last name` leads to cross-site scripting. The attack can be launched remotely. Recommendations: For code-projects Employee Record System version 1.0, consider restricting access to the dashboardedit employee.php file until a patch is available. As a temporary workaround, avoid using the arguments `employeed id`, `first name`, `middle name`, and `last name` in the affected file to minimize the risk of exploitation.