
744 matches found

CVE
added 2025/08/22 2:40 a.m. · 15 views

CVE-2025-41452

Danfoss AK-SM8xxA Series before 4.3.1 contains a post-authenticated external control of the system Web interface configuration, with improper handling of exceptional conditions that could cause a DoS. CVSS 6.8 (Network, high attack complexity, high impact on availability). Remediation: update to ...

CVSS 6.8 · AI score 7.2 · EPSS 0.00236
Exploits 0 · References 1

Vulnrichment
added 2025/08/22 2:40 a.m. · 3 views

CVE-2025-41452 Post auth nginx configuration injection in Danfoss AK-SM8xxA Series

Post-authenticated external control of system web interface configuration setting vulnerability in Danfoss AK-SM8xxA Series prior to 4.3.1, which could allow for a denial of service attack induced by improper handling of exceptional conditions...

CVSS 6.8 · AI score 7.2 · EPSS 0.00236
Exploits 0 · References 1

Cvelist
added 2025/08/22 2:40 a.m. · 5 views

CVE-2025-41451 Post-Authentication OS Command Injection RCE in Danfoss AK-SM8xxA Series

Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command 'Command Injection' in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system...

CVSS 8.7 · EPSS 0.00932
Exploits 0 · References 1

Vulnrichment
added 2025/08/22 2:40 a.m. · 2 views

CVE-2025-41451 Post-Authentication OS Command Injection RCE in Danfoss AK-SM8xxA Series

Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command 'Command Injection' in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system...

CVSS 8.7 · AI score 8.2 · EPSS 0.00932
Exploits 0 · References 1

VulnCheck KEV
added 2025/08/22 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2024-45885

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to autodiscoveryclear...

CVSS 8 · AI score 5.8 · EPSS 0.01291
In wild · Exploits 0 · References 2

VulnCheck KEV
added 2025/08/22 12:0 a.m. · 6 views

VulnCheck KEV: CVE-2024-45884

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setSWMGroup...

CVSS 8 · AI score 5.8 · EPSS 0.02081
In wild · Exploits 0 · References 2

Positive Technologies
added 2025/08/22 12:0 a.m. · 3 views

PT-2025-34327 · Danfoss · Ak-Sm8Xxa

Name of the Vulnerable Software and Affected Versions: Danfoss AK-SM8xxA Series versions prior to 4.3.1 Description: Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command 'Command Injection' exists in the software, potentially leading to post-authenticated remo...

CVSS 8.7 · AI score 7.7 · EPSS 0.00932
Exploits 0 · References 7

RedhatCVE
added 2025/08/15 9:29 p.m. · 7 views

CVE-2012-10059

Dolibarr ERP/CRM versions = 3.1.1 and = 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sqlcompat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code...

CVSS 9.4 · AI score 8.4 · EPSS 0.03182
Exploits 0 · References 1

NVD
added 2025/08/13 9:15 p.m. · 2 views

CVE-2012-10059

Dolibarr ERP/CRM versions = 3.1.1 and = 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sqlcompat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code...

CVSS 9.4 · EPSS 0.03182
Exploits 0 · References 6

CVE
added 2025/08/13 8:33 p.m. · 13 views

CVE-2012-10059

Dolibarr ERP/CRM contains a post-authenticated OS command injection in its database backup feature. In versions <= 3.1.1 and

CVSS 9.4 · AI score 8.3 · EPSS 0.03182
Exploits 0 · References 6

Cvelist
added 2025/08/13 8:33 p.m. · 7 views

CVE-2012-10059 Dolibarr ERP/CRM Post-Auth OS Command Injection

Dolibarr ERP/CRM versions = 3.1.1 and = 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sqlcompat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code...

CVSS 9.4 · EPSS 0.03182
Exploits 0 · References 6

Vulnrichment
added 2025/08/13 8:33 p.m. · 1 views

CVE-2012-10059 Dolibarr ERP/CRM Post-Auth OS Command Injection

Dolibarr ERP/CRM versions = 3.1.1 and = 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sqlcompat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code...

CVSS 9.4 · AI score 8.3 · EPSS 0.03182
Exploits 0 · References 6

OSV
added 2025/07/21 2:15 p.m. · 2 views

CVE-2024-13973

A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 21.0.1 can potentially lead to administrators achieving arbitrary code execution...

CVSS 7.2 · AI score 6 · EPSS 0.08134
Exploits 0 · References 1

CVE
added 2025/07/21 1:38 p.m. · 16 views

CVE-2024-13973

CVE-2024-13973 : A post-auth SQL injection vulnerability in the WebAdmin component of Sophos Firewall, affecting versions older than 21.0 MR1 (21.0.1). Exploitation could allow an administrator to achieve arbitrary code execution. The root cause is a SQL injection in WebAdmin; no exploit details ...

CVSS 7.2 · AI score 8.1 · EPSS 0.08134
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2025/07/21 1:38 p.m. · 3 views

CVE-2024-13973

A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 21.0.1 can potentially lead to administrators achieving arbitrary code execution...

CVSS 6.8 · AI score 8 · EPSS 0.08134
Exploits 0 · References 1

Cvelist
added 2025/07/21 1:38 p.m. · 6 views

CVE-2024-13973

A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 21.0.1 can potentially lead to administrators achieving arbitrary code execution...

CVSS 6.8 · EPSS 0.08134
Exploits 0 · References 1

CVE
added 2025/07/07 5:32 a.m. · 24 views

CVE-2025-7114

CVE-2025-7114 targets SimStudioAI sim up to commit 37786d371e17d35e0764e1b5cd519d873d90d97b. The flaw resides in the POST handler for apps/sim/app/api/files/upload/route.ts (Session Handler), where the Request can be manipulated without authentication, enabling remote, unauthenticated access. Mul...

CVSS 7.5 · AI score 7.2 · EPSS 0.00498
Exploits 1 · References 4 · Affected Software 1

Vulnrichment
added 2025/06/17 8:28 p.m. · 2 views

CVE-2025-49215

A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this...

CVSS 8.8 · AI score 8.5 · EPSS 0.00339
Exploits 0 · References 2

Vulnrichment
added 2025/06/17 8:27 p.m. · 4 views

CVE-2025-49214

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this...

CVSS 8.8 · AI score 9 · EPSS 0.00755
Exploits 0 · References 2

CVE
added 2025/06/17 8:27 p.m. · 19 views

CVE-2025-49214

CVE-2025-49214 concerns Trend Micro Endpoint Encryption PolicyServer with an insecure deserialization flaw that could enable post-auth remote code execution. Affected component/behavior: deserialization function in PolicyServer; root cause described as insecure deserialization. Impact: high acros...

CVSS 8.8 · AI score 9 · EPSS 0.00755
Exploits 0 · References 2 · Affected Software 1