PT-2025-49276

Name of the Vulnerable Software and Affected Versions Edimax BR-6478AC V3 version 1.0.15 Description A flaw exists in Edimax BR-6478AC V3 version 1.0.15 due to a command injection issue. The issue is related to the manipulation of the sysCmd argument within the sub 44CCE4 function of the...

CVE-2025-66576

Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution...

CVE-2024-58275

Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a parameter injection flaw. Attackers can inject shell metacharacters to execute arbitrary commands on the server...

CVE-2025-66576 Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)

Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution...

CVE-2024-58275 Easywall 0.3.1 - Authentication Bypass via Command Injection in /ports-save Endpoint

Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a parameter injection flaw. Attackers can inject shell metacharacters to execute arbitrary commands on the server...

Exploit for CVE-2025-55182

Here is your ready-to-copy-paste README.md — clean, professional...

Pentesting-Metasploitable2-SMB-Service

Metasploitable2 – SMB Vulnerability Exploitation 🚀 This proje...

PT-2025-49131

Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a parameter injection flaw. Attackers can inject shell metacharacters to execute arbitrary commands on the server...

CVE-2025-66208 Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy

Collabora Online - Built-in CODE Server richdocumentscode provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE OS Command Injection in richdocumentscode proxy. Users of Nextclou...

CVE-2025-34319

TOTOLINK N300RT devices with firmware older than V3.4.0-B20250430 are affected by an OS command injection in the Boa formWsc handling functionality (discovered in V2.1.8-B20201030.1539). The vulnerability allows an unauthenticated attacker to execute commands via the targetAPSsid request paramete...

BIT-ACTIVEMQ-2021-21345 XStream is vulnerable to a Remote Command Execution attack

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who...

AVTech DGM1104 安全漏洞

AVTech DGM1104 is a network video recorder from AVTech Corporation of Taiwan, China. A security vulnerability exists in the AVTech DGM1104 FullImg-1015-1004-1006-1003 version, which stems from a command injection in the Machine.cgi endpoint that could lead to the execution of arbitrary commands...

Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2025-36251, CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236)

Summary Vulnerabilities in AIX could allow a remote attacker to execute arbitrary commands CVE-2025-36251, CVE-2025-36250, obtain Network Installation Manager NIM private keys CVE-2025-36096, or traverse directories CVE-2025-36236. These vulnerabilities are addressed through the fixes referenced ...

MAL-2025-191761 Malicious code in hooktest3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3d1104ab742749c40acd3c4c989dba15890db64fd22f688dea72727fbc5b9d23 During installation, the package starts a code to retrieve and execute commands from Discord --- Category: MALICIOUS - The campaign has clearly malicious inten...

CVE-2025-13798

A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function apmacfilteradd of the file /sendorder.cgi. Executing manipulation of the argument mac can lead to command injection. The attack may be performed from remote. The exploit has been published and may be used. The...

CVE-2025-13797

A vulnerability was detected in ADSLR B-QE2W401 250814-r037c. Affected by this issue is the function parameterdelswifimac of the file /sendorder.cgi. Performing manipulation of the argument delswifimac results in command injection. The attack is possible to be carried out remotely. The exploit is...

PT-2025-48774

ASUS warns of a critical flaw in AiCloud routers CVE-2025-593656. Attackers can remotely run OS commands no login needed. • Update firmware • Disable AiCloud/Samba/WAN access if no patch • Replace end-of-life devices • Strengthen passwords https://t.co/Dt2oT0g298...

CVE-2024-39148

The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall...

EUVD-2025-199942

A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function apmacfilteradd of the file /sendorder.cgi. Executing manipulation of the argument mac can lead to command injection. The attack may be performed from remote. The exploit has been published and may be used. The...

EUVD-2025-199944

A vulnerability was detected in ADSLR B-QE2W401 250814-r037c. Affected by this issue is the function parameterdelswifimac of the file /sendorder.cgi. Performing manipulation of the argument delswifimac results in command injection. The attack is possible to be carried out remotely. The exploit is...