19590 matches found

Vulnrichment
added 2025/11/20 3:31 p.m. | 3 views

CVE-2025-34320 BASIS BBj < 25.00 Unauthenticated Arbitrary File Read RCE

BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly validate or canonicalize input path segments. This allows unauthenticated directory traversal sequences to cause the server to read arbitrary system files accessible to the account running the service...

9.3 CVSS | 7 AI score | 0.00705 EPSS
Exploits: 0 | References: 2

OSV
added 2025/11/20 3:17 p.m. | 4 views

CVE-2025-13442

A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is the function system of the file /goform/formPdbUpConfig. Such manipulation of the argument policyNames leads to command injection. The attack may be launched remotely. The exploit has...

9.8 CVSS | 6.7 AI score | 0.17612 EPSS
Exploits: 1 | References: 4

Cvelist
added 2025/11/20 1:32 a.m. | 34 views

CVE-2025-13442 UTT 进取 750W formPdbUpConfig system command injection

A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is the function system of the file /goform/formPdbUpConfig. Such manipulation of the argument policyNames leads to command injection. The attack may be launched remotely. The exploit has...

7.5 CVSS | 0.17612 EPSS
Exploits: 1 | References: 4

OSV
added 2025/11/19 8:15 p.m. | 2 views

CVE-2025-63932

D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction header field. The unauthenticated remote attacker can execute the shell command...

7.3 CVSS | 6.5 AI score | 0.06404 EPSS
Exploits: 1 | References: 3

OSV
added 2025/11/19 7:8 p.m. | 1 views

MAL-2025-190579 Malicious code in hellospa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0582933888e4badd81ead15c78b68f8de23a0c728b5a1584f737bedcfd569184 The package hellospa was found to contain malicious code. Source: ghsa-malware f4e9282a1da51cf6409a4e5196d718d73e8f6f8dbddd339cbdd0535658517576 Any...

7 AI score
Exploits: 0 | References: 1

RedhatCVE
added 2025/11/19 3:16 p.m. | 14 views

CVE-2025-63258

A remote command execution RCE vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points versions R0162P07, UAP700-WPT330-E2265, UAP672-WPT330-R2262, UAP662E-WPT330-R2262P03, WAP611-WPT330-R1348-OASIS,...

6.5 CVSS | 7.5 AI score | 0.00328 EPSS
Exploits: 0 | References: 1

VulnCheck KEV
added 2025/11/19 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2023-41348

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt th...

8.8 CVSS | 6.1 AI score | 0.01288 EPSS
In wild | Exploits: 0 | References: 2

GithubExploit
added 2025/11/18 7:54 p.m. | 144 views

Exploit for CVE-2025-63406

CVE-2025-63406 PoC Installation bash Install depende...

8.8 CVSS | 7.4 AI score | 0.00648 EPSS
Exploits: 3

CVE
added 2025/11/18 7:23 p.m. | 13 views

CVE-2025-37162

CVE-2025-37162 describes an authenticated command injection vulnerability in the command line interface of affected devices. Successful exploitation could allow execution of arbitrary OS commands by an attacker with valid credentials and network access; impact is system compromise of the underlyi...

8.8 CVSS | 7.6 AI score | 0.00806 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2025/11/18 6:32 p.m. | 4 views

EUVD-2025-198030

A remote command execution RCE vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points versions R0162P07, UAP700-WPT330-E2265, UAP672-WPT330-R2262, UAP662E-WPT330-R2262P03, WAP611-WPT330-R1348-OASIS,...

6.5 CVSS | 7 AI score | 0.00328 EPSS
Exploits: 0 | References: 4

NVD
added 2025/11/18 5:16 p.m. | 5 views

CVE-2025-63258

A remote command execution RCE vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points versions R0162P07, UAP700-WPT330-E2265, UAP672-WPT330-R2262, UAP662E-WPT330-R2262P03, WAP611-WPT330-R1348-OASIS,...

6.5 CVSS | 0.00328 EPSS
Exploits: 0 | References: 2

OSV
added 2025/11/18 12:15 a.m. | 3 views

CVE-2025-13306

A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The...

8.8 CVSS | 5.5 AI score | 0.0716 EPSS
Exploits: 1 | References: 8

NVD
added 2025/11/18 12:15 a.m. | 5 views

CVE-2025-13306

A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The...

8.8 CVSS | 0.0716 EPSS
Exploits: 1 | References: 8

Positive Technologies
added 2025/11/18 12:0 a.m. | 4 views

PT-2025-47366

Name of the Vulnerable Software and Affected Versions H3C ERG3/ERG5 series routers H3C XiaoBei series routers H3C cloud gateways H3C wireless access points versions R0162P07 H3C wireless access points version UAP700-WPT330-E2265 H3C wireless access points version UAP672-WPT330-R2262 H3C wireless...

6.5 CVSS | 7.9 AI score | 0.00328 EPSS
Exploits: 0 | References: 5

Cvelist
added 2025/11/18 12:0 a.m. | 6 views

CVE-2025-63258

A remote command execution RCE vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points versions R0162P07, UAP700-WPT330-E2265, UAP672-WPT330-R2262, UAP662E-WPT330-R2262P03, WAP611-WPT330-R1348-OASIS,...

0.00328 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/18 12:0 a.m. | 3 views

PT-2025-47398

Name of the Vulnerable Software and Affected Versions Mozart FM Transmitter version WEBMOZZI-00287 Description The Mozart FM Transmitter web management interface version WEBMOZZI-00287 has an unrestricted file upload issue in the /patch.php endpoint. An attacker with administrative access can...

7.5 AI score | 0.00497 EPSS
Exploits: 1 | References: 4

CVE
added 2025/11/18 12:0 a.m. | 9 views

CVE-2025-63258

CVE-2025-63258 is a remote command execution (RCE) affecting H3C ERG3/ERG5 routers, XiaoBei routers, cloud gateways, and associated wireless access points. The root cause is a command injection in the sessionid parameter that can lead to arbitrary code execution. Affected products/versions includ...

6.5 CVSS | 7.2 AI score | 0.00328 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/11/18 12:0 a.m. | 5 views

AIX : Multiple Vulnerabilities (IJ55968)

The version of AIX installed on the remote host is prior to APAR IJ55968. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ55968 advisory. - IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute...

10 CVSS | 9.1 AI score | 0.00858 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2025/11/18 12:0 a.m. | 3 views

AIX : Multiple Vulnerabilities (IJ55897)

The version of AIX installed on the remote host is prior to APAR IJ55897. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ55897 advisory. - IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute...

10 CVSS | 9.1 AI score | 0.00858 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2025/11/18 12:0 a.m. | 3 views

AIX : Multiple Vulnerabilities (IJ56113)

The version of AIX installed on the remote host is prior to APAR IJ56113. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ56113 advisory. - IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute...

10 CVSS | 9.1 AI score | 0.00858 EPSS
Exploits: 0 | References: 6