Lucene search

1991 matches found

Positive Technologies
added 2025/04/11 12:00 a.m. · 3 views

PT-2025-18789 · Wavlink · Wavlink Wl-Wn530Hg4

Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN530H4 version 20220801
Description: The issue is related to a command injection vulnerability in the ping test function of the adm.cgi via the pingIp parameter. This allows attackers to execute arbitrary commands via a crafted...

CVSS 10 · AI score 7.7 · EPSS 0.06043
Exploits: 1 · References: 7

RedhatCVE
added 2025/04/10 2:50 p.m. · 18 views

CVE-2025-30150

Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Through the store-api it is possible as an attacker to check if a specific e-mail address has an account in the shop. Using the store-api endpoint /store-api/account/recovery-password you get the response, which indicates...

CVSS 6.9 · AI score 6.7 · EPSS 0.00808
Exploits: 1 · References: 1

NVD
added 2025/04/08 9:15 a.m. · 9 views

CVE-2024-54092

A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 All versions, Industrial Edge Device Kit - arm64 V1.18 All versions, Industrial Edge Device Kit - arm64 V1.19 All versions, Industrial Edge Device Kit - arm64 V1.20 All versions V1.20.2-1, Industrial Edge Device Kit -...

CVSS 9.8 · EPSS 0.00897
Exploits: 0 · References: 2

Vulnrichment
added 2025/04/08 8:22 a.m. · 4 views

CVE-2024-54092

A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 All versions, Industrial Edge Device Kit - arm64 V1.18 All versions, Industrial Edge Device Kit - arm64 V1.19 All versions, Industrial Edge Device Kit - arm64 V1.20 All versions V1.20.2-1, Industrial Edge Device Kit -...

CVSS 9.8 · AI score 6.6 · EPSS 0.00897
Exploits: 0 · References: 2

Positive Technologies
added 2025/04/07 12:00 a.m. · 3 views

PT-2025-15286 · Zhangyanbo2007 · Youkefu

Name of the Vulnerable Software and Affected Versions: zhangyanbo2007 youkefu version 4.2.0
Description: A critical issue was found in the File Upload component, specifically affecting the WebIMController.java file. The manipulation of the ID argument leads to path traversal. This issue can be...

CVSS 6.5 · AI score 6.2 · EPSS 0.00593
Exploits: 1 · References: 8

Exploit DB
added 2025/04/06 12:00 a.m. · 332 views

DataEase 2.4.0 - Database Configuration Information Exposure

Exploit Title: DataEase 2.4.0 - Database Configuration Information Exposure
Shodan Dork: http.html:"dataease"
FOFA Dork: body="dataease" && title=="DataEase"
Exploit Author: ByteHunter
Email: [email protected]
Vulnerable Versions: 2.4.0-2.5.0
Tested on: 2.4.0
CVE: CVE-2024-30269
import...

CVSS 5.3 · AI score 5.4 · EPSS 0.91873
Exploits: 2

RedhatCVE
added 2025/04/05 7:29 a.m. · 25 views

CVE-2024-10697

A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument mac leads to command injection. The attack can be...

CVSS 9.8 · AI score 7.5 · EPSS 0.83113
Exploits: 1 · References: 1

RedhatCVE
added 2025/04/05 12:24 a.m. · 13 views

CVE-2024-47212

An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt...

CVSS 7.5 · AI score 7.1 · EPSS 0.00609
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/04 12:00 a.m. · 2 views

PT-2025-14891 · Edimax · Edimax Ac1200 Wave 2 Dual-Band Gigabit Router Br-6478Ac V3

Name of the Vulnerable Software and Affected Versions: Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 version 1.0.15
Description: A command injection issue was discovered via the fota url in the "/boafrm/formLtefotaUpgradeQuectel" API endpoint. This allows for potential exploitation. ...

CVSS 10 · AI score 6.7 · EPSS 0.38881
Exploits: 1 · References: 7

NVD
added 2025/04/03 9:15 p.m. · 11 views

CVE-2024-47212

An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt...

CVSS 7.5 · EPSS 0.00609
Exploits: 0 · References: 1

OSV
added 2025/04/03 9:15 p.m. · 8 views

CVE-2024-47212

An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt...

CVSS 7.5 · AI score 6.6
Exploits: 0 · References: 1

RedhatCVE
added 2025/04/03 3:32 p.m. · 7 views

CVE-2025-31132

Raven is an open-source messaging platform. A vulnerability allowed any logged in user to execute code via an API endpoint. This vulnerability is fixed in 2.1.10...

CVSS 8.1 · AI score 7.5 · EPSS 0.00436
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/03 12:00 a.m. · 7 views

CVE-2024-47212

An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt...

AI score 7 · EPSS 0.00609
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/03 12:00 a.m. · 2 views

PT-2025-14636 · Os4Ed · Os4Ed Opensis

Name of the Vulnerable Software and Affected Versions: OS4ED openSIS versions 8.0 through 9.1
Description: The issue allows attackers to execute a directory traversal by sending a crafted POST request to "/Modules.php?modname=messaging/Inbox.php&modfunc=save&filename". This enables attackers to...

CVSS 9.1 · AI score 6.6 · EPSS 0.01662
Exploits: 0 · References: 6

Positive Technologies
added 2025/04/03 12:00 a.m. · 4 views

PT-2025-14570 · Unknown · Fcba Zzm Ics-Park Smart Park Management System

Name of the Vulnerable Software and Affected Versions: fcba zzm ics-park Smart Park Management System version 2.1
Description: A critical vulnerability was found in the fcba zzm ics-park Smart Park Management System. This issue affects unknown code of the file "/api/system/dept/update" and leads ...

CVSS 6.5 · AI score 6.8 · EPSS 0.00179
Exploits: 0 · References: 10

RedhatCVE
added 2025/04/02 11:29 a.m. · 8 views

CVE-2025-3022

OS command injection vulnerability in e-solutions e-management. This vulnerability allows an attacker to execute arbitrary commands on the server via the ‘client’ parameter in the /data/apache/e-management/api/api3.php endpoint...

CVSS 9.3 · AI score 8.4 · EPSS 0.01247
Exploits: 0 · References: 3

NVD
added 2025/04/01 3:16 p.m. · 11 views

CVE-2025-31132

Raven is an open-source messaging platform. A vulnerability allowed any logged in user to execute code via an API endpoint. This vulnerability is fixed in 2.1.10...

CVSS 8.1 · EPSS 0.00436
Exploits: 0 · References: 1

CVE
added 2025/04/01 3:06 p.m. · 69 views

CVE-2025-31132

Raven (open-source messaging platform) has a vulnerability where any logged-in user could execute code via an API endpoint. Root cause described as input validation issues in Raven prior to 2.1.10. Impact is high (arbitrary code execution potential) with no user interaction required. The fixed ve...

CVSS 8.1 · AI score 7.4 · EPSS 0.00436
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/01 12:00 a.m. · 4 views

PT-2025-14121 · Raven · Raven

Name of the Vulnerable Software and Affected Versions: Raven versions prior to 2.1.10
Description: A vulnerability in Raven, an open-source messaging platform, allowed any logged-in user to execute code via an API endpoint.
Recommendations: For versions prior to 2.1.10, update to version 2.1.10 t...

CVSS 8.1 · AI score 6.8 · EPSS 0.00436
Exploits: 0 · References: 3

NVD
added 2025/03/31 12:15 p.m. · 13 views

CVE-2025-3022

OS command injection vulnerability in e-solutions e-management. This vulnerability allows an attacker to execute arbitrary commands on the server via the ‘client’ parameter in the /data/apache/e-management/api/api3.php endpoint...

CVSS 9.3 · EPSS 0.01247
Exploits: 0 · References: 1