PaloAltoNetworks/u42-vulnerability-disclosures

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-1723 ↗	Jan 30, 2026Friday, 30 January 2026, 21:15	—	—
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1498_B20250826.
CVE-2025-15035 ↗	Jan 9, 2026Friday, 9 January 2026, 17:15	7.3 HIGH	—
Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤ build 20250107.
CVE-2025-11005 ↗	Sep 25, 2025Thursday, 25 September 2025, 21:15	9.8 CRITICAL	—
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1458_B20250708.
CVE-2025-52907 ↗	Sep 24, 2025Wednesday, 24 September 2025, 18:15	8.8 HIGH	—
Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.This issue affects X6000R: through V9.4.0cu.1360_B20241207.
CVE-2025-52906 ↗	Sep 24, 2025Wednesday, 24 September 2025, 18:15	9.8 CRITICAL	—
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1360_B20241207.
CVE-2025-52905 ↗	Sep 23, 2025Tuesday, 23 September 2025, 18:15	7.5 HIGH	—
Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding.This issue affects X6000R: through V9.4.0cu.1360_B20241207.