CVE-2026-24788
- EPSS 0.09%
- Veröffentlicht 02.02.2026 04:37:03
- Zuletzt bearbeitet 03.02.2026 16:44:36
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product.
CVE-2025-50428
- EPSS 1.54%
- Veröffentlicht 27.08.2025 17:15:41
- Zuletzt bearbeitet 09.09.2025 18:45:52
In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter.
CVE-2025-44163
- EPSS 0.05%
- Veröffentlicht 27.06.2025 00:00:00
- Zuletzt bearbeitet 10.11.2025 20:38:28
RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the `entity` parameter to overwrite arbitrary files writable ...
CVE-2024-36622
- EPSS 0.61%
- Veröffentlicht 29.11.2024 18:15:08
- Zuletzt bearbeitet 02.07.2025 20:41:55
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter.