CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2022-37055link is external D-Link Routers Buffer Overflow Vulnerability CVE-2025-66644link is external Array Networks ArrayOS AG OS Command Injection...

Array Networks ArrayOS AG OS Command Injection Vulnerability

Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands...

CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

CVE-2025-66644

CVE-2025-66644 affects Array Networks ArrayOS AG before 9.4.5.9, with an OS command injection vulnerability that could allow an attacker to execute arbitrary commands. Exploitation has been observed in the wild between August and December 2025, impacting ArrayOS AG versions up to 9.4.5.8. Remedia...

Array Networks ArrayOS AG 操作系统命令注入漏洞

Array Networks ArrayOS AG is an SSL-VPN product from Array Networks, Inc. that enables secure remote access regardless of user, device or location. Providing scalable and controlled remote and mobile access to corporate networks, enterprise applications and cloud services for any user, any device...

VulnCheck KEV: CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

CVE-2025-66644

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...

Array Networks ArrayOS <= 9.4.0.481 RCE (CVE-2023-28461)

The version of Array Networks ArrayOS running on the remote device is 9.4.0.481 or prior. It is, therefore, affected by a remote code execution vulnerability. Unauthenticated attackers could execute remote code by exploiting a specific attribute in an HTTP header, enabling them to browse the...

EUVD-2017-15613

Malware in sbrugna...

EUVD-2022-45955

Malicious code in bioql PyPI...

EUVD-2023-56404

Malicious code in bioql PyPI...

CVE-2023-51707

MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected...

CVE-2022-42897

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected...

CVE-2023-51707

MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected...

CVE-2023-51707

MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected...

Command injection

MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected...

CVE-2023-51707

MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected...

CVE-2023-51707

CVE-2023-51707 affects MotionPro in Array ArrayOS AG prior to 9.4.0.505, where remote command execution is possible via specially crafted packets. Affected: AG and vxAG before 9.4.0.505; unaffected: AG/vxAG 9.3.0.259.x. Impact is remote code execution with network attack vector and no user intera...