CVE-2025-44880 – Wavlink WL-WN579A3 Command Injection Vulnerability

May 20, 2025

CVE ID : CVE-2025-44880

Published : May 20, 2025, 9:15 p.m. | 2 hours, 18 minutes ago

Description : A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-44897 – Fiberhome FW-WGS-804HPT Stack Overflow Vulnerability

Next Article CVE-2025-4998 – H3C Magic R200G HTTP POST Request Handler Denial of Service Vulnerability

Highlights

CVE-2025-30359 – Webpack-dev-server Cross-Site Scripting (XSS) and Prototype Pollution

June 3, 2025

CVE ID : CVE-2025-30359

Published : June 3, 2025, 6:15 p.m. | 1 hour, 15 minutes ago

Description : webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users’ source code may be stolen when they access a malicious web site. Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject a malicious script in their site and run the script. Note that the attacker has to know the port and the output entrypoint script path. Combined with prototype pollution, the attacker can get a reference to the webpack runtime variables. By using `Function::toString` against the values in `__webpack_modules__`, the attacker can get the source code. Version 5.2.1 contains a patch for the issue.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Stop writing tests: Automate fully with Generative AI

Opsera’s Codeglide.ai lets developers easily turn legacy APIs into MCP servers

Black Duck Security GitHub App, NuGet MCP Server preview, and more – Daily News Digest

10 Ways Node.js Development Boosts AI & Real-Time Data (2025-2026 Edition)

This new Coros watch has 3 weeks of battery life and tracks way more – even fly fishing

5 ways automation can speed up your daily workflow – and implementation is easy

This new C-suite role is more important than ever in the AI era – here’s why

iPhone users may finally be able to send encrypted texts to Android friends with iOS 26

Creating Dynamic Real-Time Features with Laravel Broadcasting

Creating Dynamic Real-Time Features with Laravel Broadcasting

Understanding Tailwind CSS Safelist: Keep Your Dynamic Classes Safe!

Sitecore’s Content SDK: Everything You Need to Know

Why GNOME Replaced Eye of GNOME with Loupe as the Default Image Viewer

Why GNOME Replaced Eye of GNOME with Loupe as the Default Image Viewer

Microsoft admits it broke “Reset this PC” in Windows 11 23H2 KB5063875, Windows 10 KB5063709

How to Fix “EA AntiCheat Has Detected an Incompatible Driver” on Windows 11?

CVE-2025-44880 – Wavlink WL-WN579A3 Command Injection Vulnerability

Investors beware: AI-powered financial scams swamp social media

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

Building a Multi-Agent Conversational AI Framework with Microsoft AutoGen and Gemini API

CVE-2025-48914 – Drupal COOKiES Consent Management Cross-Site Scripting (XSS)

Chrome to introduce Keyboard Shrotcuts for Tab Groups

13 Best Free and Open Source Terminal-Based Podcast Tools

CVE-2025-30359 – Webpack-dev-server Cross-Site Scripting (XSS) and Prototype Pollution

CVE-2025-4134 – Avast Business Antivirus for Linux File Validation Bypass

CVE-2025-47891 – Apache Struts Command Injection

Take the State of HTML survey today

CVE-2025-44880 – Wavlink WL-WN579A3 Command Injection Vulnerability

Related Posts