Weekly Threat & Vulnerabilities Report

Critical argument injection vulnerability in PHP on Windows servers

Command Injection Vulnerability in D-Link NASdevices

Remote code execution vulnerability in Metabaseopen source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1.

Buffer overflow vulnerability in the ID processingfunction in Zyxel ATP series firmware versions leads to denial of service orremote code execution on affected device

Command injection vulnerability in LB-LINK devices.

Command Injection Vulnerability in TP-Link ArcherAX-21.

Server-Side Request Forgery Vulnerability inMicrosoft Exchange Server

Hardcoded encryption/decryption key vulnerability in Wavlink

cross-site scripting vulnerability in Wavlink Devices

Command injection vulnerability via the Ping function in Tenda Products

An unauthenticated command injection vulnerabilityfound in the TP-Link Archer AX21 WiFi router.

Command injection vulnerability in LB-LINK BL-AC1900_2.0 1.0.1, BL-WR9000 2.4.9, BL-X26 1.2.5 and BL-LTE300 1.0.8

Path traversal vulnerability in Apache HTTP Server

Remote code execution vulnerability in Huawei HG532 router

Improper protocol access control vulnerability in Eir D1000 modem.

Remote code execution vulnerability in MVPower CCTVDVR models

Spoofing vulnerability in Microsoft Windows MSHTML Platform