
3861 matches found

CVE
added 2025/05/06 8:0 a.m. · 66 views

CVE-2025-4340

CVE-2025-4340 affects D-Link DIR-890L and DIR-806A1; the vulnerability is a remote command injection in the function sub_175C8 of /htdocs/soap.cgi. The root cause is improper handling/filters of crafted characters in that function, allowing an attacker to execute arbitrary commands remotely. Affe...

CVSS 9.8 · AI score 7.5 · EPSS 0.04149
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2025/04/30 6:15 p.m. · 4 views

CVE-2025-4135

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function uigetinputvalue. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure...

CVSS 5.3 · AI score 5.6 · EPSS 0.02283
Exploits: 0 · References: 5
OSV
added 2025/04/30 3:16 p.m. · 5 views

CVE-2025-4122

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure bu...

CVSS 8.8 · AI score 5.6 · EPSS 0.03145
Exploits: 0 · References: 5
BDU FSTEC
added 2025/04/22 12:0 a.m. · 7 views

The vulnerability of TOTOLINK A7100RU router’s microprogramming software, which exists due to the lack of measures to neutralize special elements, allows intruders to inject arbitrary commands.

The vulnerability of TOTOLINK A7100RU router microprogramming software exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to inject arbitrary commands...

CVSS 10 · AI score 7.9 · EPSS 0.02063
Exploits: 1 · References: 4 · Affected Software: 1
NVD
added 2025/04/19 6:15 p.m. · 25 views

CVE-2025-3816

A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability affects unknown code of the file /system/schedule/save of the component Scheduled Task Handler. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been...

CVSS 7.2 · EPSS 0.05884
Exploits: 1 · References: 4
Packet Storm
added 2025/04/16 12:0 a.m. · 177 views

CommScope Ruckus IoT Controller 1.7.1.0 Backdoor Account

CommScope Ruckus IoT Controller version 1.7.1.0 has an undocumented backdoor account. Exploit Title: CommScope Ruckus IoT Controller 1.7.1.0 - Undocumented Account Date: 2021.05.26 Exploit Author: korelogic Vendor Homepage:...

CVSS 9.8 · AI score 8.8 · EPSS 0.13773
Exploits: 5
Exploit DB
added 2025/04/16 12:0 a.m. · 139 views

FLIR AX8 1.46.16 - Remote Command Injection

Exploit Title: FLIR AX8 1.46.16 - Remote Command Injection Date: 8/19/2022 Exploit Author: Samy Younsi Naqwada https://samy.link, SC Vendor Homepage: https://www.flir.com/ Software Link: https://www.flir.com/products/ax8-automation/ PoC: https://www.youtube.com/watch?v=dh0rfAIWok Version: 1.46.16...

CVSS 9.8 · AI score 9.4 · EPSS 0.99618
Exploits: 9
Positive Technologies
added 2025/04/14 12:0 a.m. · 2 views

PT-2025-20240 · UserGate LLC · Usergate Log Analyzer +3

A vulnerability in the web interface of the UserGate Next-Generation Firewall (NGFW) firewall software, the UserGate Management Center (UGMC) unified management center and the UserGate Log Analyzer (LogAn) log collection system is caused by insufficient input validation. Exploitation of the vulnerability...

CVSS 4 · AI score 7.2
Exploits: 0 · References: 1
Positive Technologies
added 2025/04/06 12:0 a.m. · 5 views

PT-2025-18018 · Totolink · Totolink N150Rt

Name of the Vulnerable Software and Affected Versions: TOTOLINK N150RT version 3.4.0-B20190525 Description: A critical issue affects the processing of the file /boafrm/formWsc. The manipulation of the localPin argument leads to command injection. The attack may be initiated remotely...

CVSS 8.8 · AI score 6.7 · EPSS 0.07198
Exploits: 1 · References: 17
OSV
added 2025/04/04 2:15 p.m. · 4 views

CVE-2025-3249

A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apclicancelwps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The explo...

CVSS 9.8 · AI score 5.5 · EPSS 0.02552
Exploits: 1 · References: 5
RedhatCVE
added 2025/03/31 2:39 p.m. · 16 views

CVE-2022-37061

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...

CVSS 9.8 · AI score 9.7 · EPSS 0.99618
Exploits: 9 · References: 1
CNNVD
added 2025/03/28 12:0 a.m. · 2 views

Aishida Call Center System Injection Vulnerability

Aishida Call Center System is a call center system from Aishida China. An injection vulnerability exists in Aishida Call Center System 20250314 and prior versions, which originates from a command injection that could remotely launch an attack...

CVSS 6.5 · AI score 6.8 · EPSS 0.01432
Exploits: 0 · References: 5
Redos
added 2025/03/26 12:0 a.m. · 15 views

ROS-20250326-10

A vulnerability in the Nextcloud calendar cloud software application for creating and utilizing a Nextcloud data warehouse is related to the failure to clean up line breaks and special characters in the email value in a JSON request. Exploitation of the vulnerability could allow an attacker actin...

CVSS 9.8 · AI score 7.4 · EPSS 0.3155
Exploits: 0
NVD
added 2025/03/25 3:15 a.m. · 14 views

CVE-2025-2725

A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The manipulation leads ...

CVSS 8.6 · EPSS 0.07278
Exploits: 0 · References: 6
CVE
added 2025/03/25 2:0 a.m. · 161 views

CVE-2025-2725

The CVE-2025-2725 vulnerability affects H3C Magic NX15, NX30 Pro, NX400, R3010, and BE18000 up to version V100R014, in the HTTP POST /api/login/auth handler. The issue is a command-injection in an unknown functionality of that endpoint. Multiple sources describe remote exposure possibilities, wit...

CVSS 8.6 · AI score 8.2 · EPSS 0.07278
Exploits: 0 · References: 6
OSV
added 2025/03/25 12:15 a.m. · 4 views

CVE-2025-2717

A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub41710C of the file /goform/diagnslookup of the component HTTP POST Request Handler. The manipulation of the argument targetaddr leads to os command injection. The...

CVSS 7.2 · AI score 5.7 · EPSS 0.04281
Exploits: 0 · References: 5
CNNVD
added 2025/03/25 12:0 a.m. · 1 views

H3C Multiple Products Security Vulnerability

H3C Magic NX30 Pro and others are products of China's Xinhua San H3C. H3C Magic NX30 Pro is a home router that supports WiFi6 3000M rate. H3C Magic NX15 is a router. H3C Magic NX400 is a router. A security vulnerability exists in several H3C products that stems from a command injection in the...

CVSS 8.6 · AI score 8.2 · EPSS 0.01034
Exploits: 0 · References: 8
CNNVD
added 2025/03/25 12:0 a.m. · 1 views

H3C Multiple Products Injection Vulnerability

H3C Magic NX30 Pro and others are products of China's Xinhua San H3C. H3C Magic NX30 Pro is a home router that supports WiFi6 3000M rate. H3C Magic NX15 is a router. H3C Magic NX400 is a router. An injection vulnerability exists in several H3C products. The vulnerability stems from a command injecti...

CVSS 8.6 · AI score 8.2 · EPSS 0.01056
Exploits: 0 · References: 8
CNNVD
added 2025/03/25 12:0 a.m. · 1 views

H3C Multiple Products Security Vulnerability

H3C Magic NX30 Pro and others are products of China's Xinhua San H3C. H3C Magic NX30 Pro is a home router that supports WiFi6 3000M rate. H3C Magic NX15 is a router. H3C Magic NX400 is a router. A security vulnerability exists in several H3C products. The vulnerability stems from a command injection...

CVSS 8.6 · AI score 8.2 · EPSS 0.07278
Exploits: 0 · References: 8
CNNVD
added 2025/03/25 12:0 a.m. · 4 views

OpenManus Command Injection Vulnerability

OpenManus is an application by the individual developer of mannaandpoem. A command injection vulnerability exists in OpenManus version 2025.3.13 and earlier, which stems from an os command injection in the app/tool/pythonexecute.py file, which may be attacked remotely...

CVSS 6.5 · AI score 6.9 · EPSS 0.0137
Exploits: 0 · References: 6