7661 matches found
PT-2025-50695
IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input...
PT-2025-50688
Name of the Vulnerable Software and Affected Versions: Ruijie X60 PRO versions V1.00 through V2.00. Description: An issue exists in Ruijie X60 PRO that allows attackers to execute arbitrary commands. This is due to an OS Command Injection flaw present in the module get function within the...
Compuware iStrobe Web Code Issue Vulnerability
Compuware iStrobe Web is a mainframe performance analysis and optimization tool from Compuware Corporation. A code issue vulnerability exists in Compuware iStrobe Web version 20.13, which arises from a path traversal in the file upload form that could result in the upload of a JSP webshell and th...
Ruijie RG-BCR Security Vulnerability
Ruijie RG-BCR is a series of cloud routers from China's Ruijie. A security vulnerability exists in the Ruijie RG-BCR RG-BCR860 version, which stems from improper handling of a specially crafted POST request for actionwireless in the file /usr/lib/lua/luci/control/admin/wireless.lua, which...
PT-2025-50666
Name of the Vulnerable Software and Affected Versions: Ruijie RG-BCR600W, affected versions not specified. Description: An issue exists in Ruijie RG-BCR600W that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the restart modules function located in...
D-Link DCS-930L Command Injection Vulnerability
D-Link DCS-930L is a network camera from China AUO D-Link. The D-Link DCS-930L suffers from a command injection vulnerability that stems from the failure to properly filter special characters, commands, etc. used to construct commands in the parameter AdminID in the file /setSystemAdmin. An attacker can...
PT-2025-50325
Unauthenticated Telnet enablement via cstecgi.cgi auth bypass leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369 B20230113, resulting in arbitrary command execution. Earlier versions that share the same implementation may also be affected...
Jenkins plugin Git client Security Vulnerability
Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...
AZL-72556 CVE-2025-2296 affecting package edk2 for versions less than 20230301gitf80f052277c8-44
EDK2 contains a vulnerability in BIOS where an attacker may cause “Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...
CVE-2025-2296
EDK2 contains a vulnerability in BIOS where an attacker may cause “Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...
CVE-2025-2296 Un-verified kernel bypass Secure Boot mechanism in direct boot mode
EDK2 contains a vulnerability in BIOS where an attacker may cause “Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...
Linux Distros Unpatched Vulnerability : CVE-2025-2296
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - EDK2 contains a vulnerability in BIOS where an attacker may cause Improper Input Validation by local access. Successful exploitation of this vulnerability could...
CVE-2025-27020 Improper configuration of SSH service in Infinera MTC-9
Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on the file system. This issue affects MTC-9: from R22.1.1.0275 before R23.0...
EUVD-2025-201427
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to execute arbitrary system commands...
CVE-2025-64053
A buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via a crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint...
CVE-2025-64054
A reflected Cross-Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via a crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint...
Fanvil x210 Security Vulnerability
Fanvil x210 is an IP telephony device from Fanvil. A security vulnerability exists in the Fanvil x210 version 2.12.20, which originates from reflective cross-site scripting and could result in a denial of service or execution of arbitrary commands...
Flexsense DiskBoss Code Issue Vulnerability
Flexsense DiskBoss is a disk management tool from Flexsense, Inc. A code issue vulnerability exists in Flexsense DiskBoss version 11.7.28, which stems from unquoted service paths and could allow an attacker to elevate privileges and execute arbitrary system commands...