MINI-5XH8-2XGR-QRF2

Bulletin has no description...

MINI-XCCR-76M4-R2PW

Bulletin has no description...

MINI-GQHX-XJM9-79QF

Bulletin has no description...

MINI-MQ5R-HF7R-M4W3

Bulletin has no description...

MINI-QG7W-64CC-RJV9

Bulletin has no description...

MINI-M2VG-H5M9-CRPX

Bulletin has no description...

MINI-X7V8-J3WH-9H9M

Bulletin has no description...

MINI-4WV7-68QV-HJFJ

Bulletin has no description...

MINI-59G8-R34C-CCPW

Bulletin has no description...

MINI-RM6V-R4W8-C5WF

Bulletin has no description...

MINI-4H8H-6MHW-PC24

Bulletin has no description...

MINI-XP78-8HVV-35PQ

Bulletin has no description...

MINI-HXJV-5V38-M2C2

Bulletin has no description...

LiteLLM - Command Injection

A critical unauthenticated remote code execution vulnerability exists in LiteLLM due to improper input handling in the MCP stdio test endpoint. An attacker can send a specially crafted request to the /mcp-rest/test/connection endpoint with controlled parameters, resulting in arbitrary command...

OpenCode < 1.0.216 - Unauthenticated Remote Code Execution

OpenCode versions prior to 1.0.216 contain an unauthenticated remote code execution vulnerability. The application exposes session and shell execution endpoints without proper authentication, allowing remote attackers to create sessions and execute arbitrary shell commands on the underlying serve...

Dell UnityVSA < 5.5 - Remote Command Injection

Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. id: CVE-2025-36604 info: name: Dell UnityVSA 5.5 - Remote Command Injection author: DhiyaneshDK,watchtowr severity: critical description: | Dell...

Cisco ISE - Remote Code Execution

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to...

SawtoothSoftware Lighthouse Studio < 9.16.14 - Pre-Auth Remote Code Execution

A pre-authentication remote code execution vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14. The issue arises from the unsafe use of the eval function within the Perl CGI component ciwweb.pl, where attacker-supplied input inside hidRandomACARAT is directly...

Zhiyuan OA Platform - Arbitrary File Upload

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 - 6.1sp2, 7.0, 7.0sp1 - 7.1, 7.1sp1, and 8.0 - 8.0sp2 via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing...

Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...