115 matches found
CVE-2025-64091
The connected sources identify CVE-2025-64091 as affecting Zenitel ICX500 and ICX510 platforms. The vulnerability enables an authenticated attacker to execute commands via the device’s NTP configuration, described as a command-injection issue in the NTP configuration path. Reported by multiple fe...
CVE-2021-47747
meterN 1.2.3 contains an authenticated remote code execution vulnerability in adminmeter2.php and adminindicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands with administrative privileges...
Exploit for CVE-2025-68613
🚀 n8n Authenticated RCE PoC Pocsuite3 CVE ID: CVE-202...
EUVD-2024-55337
FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to...
Metasploit Wrap-Up 11/07/2025
New module content (3) Centreon authenticated command injection leading to RCE via broker engine "reload" parameter Author: h00die-gr3y Type: Exploit Pull request: 20672 contributed by h00die-gr3y Path: linux/http/centreonauthrcecve20255946 AttackerKB reference: CVE-2025-5946...
CVE-2025-37146 Unauthorized Filesystem Operations in System Firmware allow Authenticated Remote Code Execution
A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...
EUVD-2020-9451
Malware in sbrugna...
EUVD-2021-27564
Malicious code in bioql PyPI...
EUVD-2022-41724
Malicious code in bioql PyPI...
EUVD-2023-33493
Malicious code in bioql PyPI...
EUVD-2024-20425
Malicious code in bioql PyPI...
EUVD-2022-36141
Malicious code in bioql PyPI...
Cisco Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution (cisco-sa-asaftd-webvpn-z5xP8EUB)
According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a vulnerability. A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an...
CVE-2025-5717
An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user with administrative access to the SOAP admin services can exploit this flaw by deploying a Siddhi execution plan containing...
CVE-2025-58762 Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent
Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pmsimageproxy endpoint to write arbitrary Python scripts into the application filesystem. This leads to remote code execution when...
CVE-2012-10028 Netwin SurgeFTP <= v23c8 Authenticated RCE
Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to surgeftpmgr.cgi. This can lead to full remote code execution on the underlying system...
CVE-2025-20283
The vulnerability (CVE-2025-20283) affects Cisco Identity Services Engine (ISE) and ISE-PIC via a specific API, caused by insufficient validation of user-supplied input. An attacker with valid high-priv credentials could submit crafted API requests to execute commands as root on the underlying OS...
CVE-2025-34104 Piwik Authenticated RCE via Custom Plugin Upload
An authenticated remote code execution vulnerability exists in Piwik (now Matomo) versions prior to 3.0.3 via the plugin upload mechanism. In vulnerable versions, an authenticated user with Superuser privileges can upload and activate a malicious plugin ZIP archive, leading to arbitrary PHP code...
CVE-2025-34088 Pandora FMS Authenticated Remote Code Execution via Ping Module
An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as pinging. This occurs becau...
CVE-2025-34088
Summary: Pandora FMS 7.0NG and earlier expose an authenticated remote code execution via the net_tools.php module, specifically the select_ips parameter used in network tools (e.g., ping). This occurs because unsanitized input is passed to system commands, enabling command injection. Public refer...