25165 matches found
CVE-2025-67640
Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...
Huawei HarmonyOS Competitive Conditions Vulnerability
Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. Huawei HarmonyOS suffers from a competitive condition vulnerability, which originates from a competitive condition vulnerability in the audio module, and can be exploited by an attacker to affect...
Huawei HarmonyOS Multi-threaded Competitive Condition Vulnerability
Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei HarmonyOS suffers from a multi-threaded competitive condition vulnerability that can be...
PT-2025-50506
Name of the Vulnerable Software and Affected Versions Zoom Rooms for macOS versions prior to 6.6.0 Description An authenticated user could potentially disclose information through local access due to external control of a file name or path in Zoom Rooms for macOS. The issue involves manipulation ...
PT-2025-50332
Hi All, Looking at the Action1 reports, and unable to see anything which would be useful to for reporting from for the vulnerability of devices. I'm looking for an export with the data similar to the below DeviceName, CveId, Severity, CVSS, PatchAvailable, Product, OS, LastSeen PC-001,...
CVE-2025-64153
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized...
CVE-2025-53949
An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated...
CVE-2025-12945 Improper input validation in NETGEAR Nighthawk router R7000P
A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation. This issue affects R7000P: through 1.3.3.154...
CVE-2025-5471
Uncontrolled Search Path Element vulnerability in Yandex Telemost on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.19.1...
CVE-2025-41692
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...
CVE-2025-5471 Dylib Hijacking in Yandex Telemost
Uncontrolled Search Path Element vulnerability in Yandex Telemost on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.19.1...
CVE-2025-41692 Weak/Predictable root Password
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...
November 11, 2025—Hotpatch KB5068840 (OS Build 20348.4346)
None None...
NETGEAR Nighthawk 安全漏洞
NETGEAR Nighthawk is a series of wireless routers from NETGEAR. A security vulnerability exists in the NETGEAR Nighthawk R7000P 1.3.3.154 and prior versions, which stems from improper input validation and could lead to an authenticated administrator performing an OS command injection attack...
Qnap QTS and QuTS hero Path Traversal (CVE-2025-30270)
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following...
Selea Targa IP OCR-ANPR Camera 操作系统命令注入漏洞
Selea Targa IP OCR-ANPR Camera is an IP camera from Selea. The Selea Targa IP OCR-ANPR Camera suffers from an operating system command injection vulnerability that stems from a command injection issue with the addr and port parameters in utils.php, which could lead to the execution of arbitrary...
Fortinet FortiExtender 操作系统命令注入漏洞
Fortinet FortiExtender is a wireless WAN wide area network extender device from Fortinet, Inc. An operating system command injection vulnerability exists in Fortinet FortiExtender versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, all versions of 7.2, and all versions of 7.0, which originates fro...
Microsoft Windows DirectX 资源管理错误漏洞
Microsoft Windows DirectX is a DirectX end-user runtime Web installer from Microsoft Corporation USA. A resource management error vulnerability exists in Microsoft Windows DirectX. An attacker could exploit the vulnerability to elevate privileges. The following products and editions are...
Microsoft Windows Installer 输入验证错误漏洞
Microsoft Windows Installer is a component of the Windows operating system from Microsoft Corporation USA. It provides a standard basis for installing and uninstalling software. An input validation error vulnerability exists in Microsoft Windows Installer. An attacker could exploit the...
Microsoft Windows Routing and Remote Access Service 安全漏洞
Microsoft Windows Routing and Remote Access Service is a network service from Microsoft Corporation USA that is used to perform functions such as network routing, virtual private networks VPNs, and dial-up connections. A security vulnerability exists in Microsoft Windows Routing and Remote Access...