19590 matches found

OSV
added 2025/11/13 4:15 p.m. | 2 views

CVE-2025-60689

An unauthenticated command injection vulnerability exists in the StartEPI function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The vulnerability occurs because user-supplied CGI parameters wlant, wlssid, wlrate, ttcpnum, ttcpip, ttcpsize are concatenated in...

CVSS 5.4 | AI score 6.2 | EPSS 0.08842
Exploits: 1 | References: 3

IBM AIX
added 2025/11/13 2:12 p.m. | 12 views

AIX is vulnerable to arbitrary command execution (CVE-2025-36251, CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236)

IBM SECURITY ADVISORY First Issued: Thu Nov 13 14:12:55 CST 2025 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/nimadvisory2.asc Security Bulletin: AIX is vulnerable to arbitrary command execution CVE-2025-36251, CVE-2025-36250,...

CVSS 10 | AI score 9.4 | EPSS 0.00618
Exploits: 0

Vulnrichment
added 2025/11/13 12:0 a.m. | 5 views

CVE-2025-60672

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to...

AI score 7.8 | EPSS 0.03589
Exploits: 1 | References: 4

CNNVD
added 2025/11/13 12:0 a.m. | 2 views

D-Link DIR-878 security vulnerability

The D-Link DIR-878 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-878 version A1FW101B04.bin, which originates from the unvalidated ServerAddress and Hostname parameters in the SetDynamicDNSSettings function, which can lead to remote command...

CVSS 6.5 | AI score 7.1 | EPSS 0.03589
Exploits: 1 | References: 5

CNNVD
added 2025/11/13 12:0 a.m. | 2 views

D-Link DIR-878 security vulnerability

The D-Link DIR-878 is a wireless router from China AUO D-Link. A security vulnerability exists in the D-Link DIR-878 version A1FW101B04.bin, which originates from an unvalidated IPAddress parameter in the SetDMZSettings function, which could lead to remote command execution...

CVSS 6.5 | AI score 7.1 | EPSS 0.03489
Exploits: 1 | References: 5

CNNVD
added 2025/11/13 12:0 a.m. | 5 views

IBM AIX and IBM VIOS security vulnerability

IBM AIX and IBM VIOS are both products of the International Business Machines IBM Corporation. IBM AIX is an open standards-based UNIX operating system developed for the IBM Power architecture. IBM VIOS is part of the PowerVm® Editions hardware feature set. IBM AIX is an open standards-based UNIX...

CVSS 9.8 | AI score 6.5 | EPSS 0.00498
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/13 12:0 a.m. | 2 views

PT-2025-46924

Name of the Vulnerable Software and Affected Versions: IBM AIX versions 7.2 and 7.3; IBM VIOS versions 3.1 and 4.1. Description: The nimsh service’s SSL/TLS implementations in IBM AIX and VIOS are susceptible to improper process controls, potentially enabling a remote attacker to execute arbitrary...

CVSS 9.8 | AI score 7 | EPSS 0.00498
Exploits: 0 | References: 18

RedhatCVE
added 2025/11/12 8:49 p.m. | 2 views

CVE-2024-32011

A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as administrative application use...

CVSS 8.8 | AI score 7.4 | EPSS 0.00341
Exploits: 0 | References: 1

OSV
added 2025/11/12 8:15 p.m. | 3 views

CVE-2025-46427

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution...

CVSS 8.8 | AI score 5.9 | EPSS 0.01127
Exploits: 0 | References: 1

Cvelist
added 2025/11/12 9:15 a.m. | 9 views

CVE-2025-59118 Apache OFBiz: Critical Remote Command Execution via Unrestricted File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue...

EPSS 0.01566
Exploits: 0 | References: 5

CVE
added 2025/11/12 9:15 a.m. | 38 views

CVE-2025-59118

The CVE-2025-59118 entry concerns Apache OFBiz before 24.09.03 and describes an Unrestricted Upload of File with Dangerous Type vulnerability. PT-Security details indicate a remote attacker can upload arbitrary (dangerous) files, enabling remote command execution on the server, potentially leadin...

CVSS 7.3 | AI score 6.5 | EPSS 0.01566
Exploits: 0 | References: 6 | Affected Software: 1

Positive Technologies
added 2025/11/12 12:0 a.m. | 4 views

PT-2025-46709

Name of the Vulnerable Software and Affected Versions: Dell SmartFabric OS10 Software versions prior to 10.6.1.0. Description: Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contains an Improper Neutralization of Special Elements used in a Command 'Command Injection' issue. A low...

CVSS 8.8 | AI score 6.8 | EPSS 0.01127
Exploits: 0 | References: 4

EUVD
added 2025/11/11 8:20 p.m. | 3 views

EUVD-2024-29849

A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as administrative application use...

CVSS 8.8 | AI score 6.9 | EPSS 0.00341
Exploits: 0 | References: 2

CVE
added 2025/11/11 8:20 p.m. | 7 views

CVE-2024-32011

CVE-2024-32011 affects Siemens Spectrum Power 4 (all versions

CVSS 8.8 | AI score 7 | EPSS 0.00341
Exploits: 0 | References: 1

NVD
added 2025/11/11 5:15 p.m. | 6 views

CVE-2025-12943

Improper certificate validation in firmware update logic in NETGEAR RAX30 Nighthawk AX5 5-Stream AX2400 WiFi 6 Router and RAXE300 Nighthawk AXE7800 Tri-Band WiFi 6E Router allows attackers with the ability to intercept and tamper traffic destined to the device to execute arbitrary commands on the...

CVSS 7.7 | EPSS 0.00139
Exploits: 0 | References: 3

CVE
added 2025/11/11 4:17 p.m. | 12 views

CVE-2025-12943

CVE-2025-12943 involves NETGEAR RAX30 and RAXE300 devices, where improper certificate validation in the firmware update logic lets an attacker who can intercept and modify traffic potentially execute arbitrary commands on the device. Affected products: NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400...

CVSS 7.7 | AI score 7.3 | EPSS 0.00139
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2025/11/11 12:0 a.m. | 2 views

PT-2025-46536

Name of the Vulnerable Software and Affected Versions: Spectrum Power 4 versions prior to 4.70 SP12 Update 2. Description: The application is susceptible to arbitrary command execution through the user interface. This interface is accessible over the network, enabling command execution with...

CVSS 8.8 | AI score 7.1 | EPSS 0.00341
Exploits: 0 | References: 4

CNNVD
added 2025/11/11 12:0 a.m. | 4 views

Siemens Spectrum Power security vulnerability

Siemens Spectrum Power is an energy management system from Siemens, Germany. A security vulnerability exists in Siemens Spectrum Power 4 versions prior to V4.70 SP12 Update 2, which originates from a user interface that can run arbitrary commands over the network, potentially resulting in the...

CVSS 8.8 | AI score 6.9 | EPSS 0.00341
Exploits: 0 | References: 2

RedhatCVE
added 2025/11/10 12:22 p.m. | 8 views

CVE-2025-12916

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portallogin of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. T...

CVSS 9.8 | AI score 6.9 | EPSS 0.04598
Exploits: 1 | References: 1

Rosalinux
added 2025/11/10 6:23 a.m. | 16 views

Advisory ROSA-SA-2025-3076

Software: openssh 8.0p1 OS: ROSA Virtualization 3.0 unaffected versions = openssh-8.0p1-26.0.2.2.rv30 affected versions openssh-8.0p1-26.0.2.2.rv30 CVE-ID: CVE-2020-15778 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the toremote scp.c function of the OpenSSH cryptographic security tool...

CVSS 7.8 | AI score 7.1 | EPSS 0.94072
Exploits: 24