CVE-2025-56095

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

PT-2025-50597

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation...

TeamViewer DEX Client 安全漏洞

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. A security vulnerability exists in versions prior to TeamViewer DEX Client V15 that stems from improper input validation and could lead to remote execution of arbitrary commands...

CVE-2025-56127

The CVE-2025-56127 entry concerns Ruijie RG-BCR RG-BCR600W. The vulnerability is an OS Command Injection in the get_wanobj handler inside /usr/lib/lua/luci/controller/admin/common.lua, triggered by a crafted POST request. The root cause is improper handling of crafted input, enabling execution of...

EulerOS 2.0 SP13 : samba (EulerOS-SA-2025-2532)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been found in Samba File Transfer Software the affected version is unknown and classified as critical.The CWE definition for th...

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

CVE-2024-58284

PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands...

CVE-2024-58280

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

CVE-2024-58284 PopojiCMS 2.0.1 Remote Command Execution via Authenticated Metadata Settings

PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands...

CVE-2024-58280

CVE-2024-58280 affects CMSimple 5.15 and enables authenticated remote code execution via the Extensions configuration: an attacker can append ",php" to Extensions_userfiles and upload a PHP shell to the media directory, enabling arbitrary code execution on the server. The available sources confir...

CVE-2024-58280 CMSimple 5.15 Remote Command Execution via Extensions Configuration

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

CVE-2024-58280 CMSimple 5.15 Remote Command Execution via Extensions Configuration

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

CVE-2025-14276

A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leafsearch.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...

CMSimple 安全漏洞

CMSimple is a free content management system from CMSimple Open Source. A security vulnerability exists in CMSimple version 5.15 that originates from an authenticated user being able to modify file extensions and upload malicious PHP files, which could lead to remote command execution...

PT-2025-50529

Name of the Vulnerable Software and Affected Versions CMSimple version 5.15 Description An authenticated attacker can execute commands remotely on the server. This is possible by modifying file extensions and uploading malicious PHP files. Specifically, attackers can append ',php' to Extensions...

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

Aqara多款产品 安全漏洞

Aqara Camera Hub G3 and others are a smart surveillance camera from Aqara USA. A security vulnerability exists in various Aqara products that stems from an undocumented remote access mechanism that could lead to remote command execution. The following products and versions are affected: the Camer...

PT-2025-50543

Name of the Vulnerable Software and Affected Versions Aqara Hub Camera Hub G3 version 4.1.9 0027 Aqara Hub M2 version 4.3.6 0027 Aqara Hub M3 version 4.3.6 0025 Description Aqara Hub devices have an undocumented remote access mechanism that allows unrestricted remote command execution...