Tag
high
advisory
CVE-2026-61875: Stored Cross-Site Scripting in OpenWrt luci-app-upnp
2 TTPs 1 CVECVE-2026-61875 details a stored cross-site scripting vulnerability in OpenWrt's luci-app-upnp that allows unauthenticated LAN clients to inject malicious JavaScript into UPnP IGD AddPortMapping SOAP requests, leading to client-side code execution in an administrator's browser when viewing specific web interface pages.
luci-app-upnp
cross-site-scripting
xss
openwrt
router
web-vulnerability
client-side-execution
2t
1c
high
advisory
OpenWrt luci-app-samba4 Vulnerability Allows Remote Command Execution
1 rule 2 TTPs 1 CVEA vulnerability in OpenWrt's luci-app-samba4, identified as CVE-2026-59260, allows authenticated delegated users to achieve remote command execution on the Samba daemon by leveraging improper ACLs that grant `file.exec` permission on `/usr/sbin/smbd`.
luci-app-samba4
openwrt
samba
cve
rce
network
linux
1r
2t
1c