Every CVE whose affected-product data names Openwrt Luci, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2019-12272 — CVSS 9.8 (critical): In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web…
CVE-2026-32721 — CVSS 8.6 (high): LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless…
CVE-2021-27821 — CVSS 6.1 (medium): The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability.
CVE-2022-41435 — CVSS 5.4 (medium): OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component…
CVE-2023-24181 — CVSS 5.4 (medium): LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the…
CVE-2020-10871 — CVSS 5.3 (medium): In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor…