19590 matches found

Packet Storm
added 2025/10/30 12:0 a.m., 130 views

LEPTON 7.4.0 Remote Code Execution

LEPTON CMS version 7.4.0 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary system commands through the Droplets functionality. This vulnerability arises from improper input validation and execution control within the Droplets feature...

8.6 AI score
Exploits: 0

CNNVD
added 2025/10/29 12:0 a.m., 4 views

D-Link DNS-343 ShareCenter Security Vulnerability

The D-Link DNS-343 ShareCenter is a network storage device from China's AUO D-Link. The D-Link DNS-343 ShareCenter suffers from a command execution vulnerability that stems from insufficient input validation in the Mail Test feature, which can be exploited by an attacker to execute arbitrary...

9.8 CVSS, 6.2 AI score, 0.08697 EPSS
Exploits: 1, References: 6

RedhatCVE
added 2025/10/28 4:54 p.m., 2 views

CVE-2025-12296

A security vulnerability has been detected in D-Link DAP-2695 2.00RC13. The impacted element is the function sub4174B0 of the component Firmware Update Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be...

9.8 CVSS, 7 AI score, 0.06228 EPSS
Exploits: 1, References: 1

VulnCheck KEV
added 2025/10/28 12:0 a.m., 7 views

VulnCheck KEV: CVE-2025-7083

A vulnerability was found in Belkin F9K1122 1.00.33. It has been classified as critical. This affects the function mp of the file /goform/mp of the component webs. The manipulation of the argument command leads to os command injection. It is possible to initiate the attack remotely. The exploit h...

8.8 CVSS, 5.5 AI score, 0.38138 EPSS
In wild, Exploits: 1, References: 108

CNNVD
added 2025/10/28 12:0 a.m., 3 views

Planex MZK-DP300N Trust Management Issue Vulnerability

The Planex MZK-DP300N is a hotel router travel router from Planex Japan. A trust management issue vulnerability exists in Planex MZK-DP300N version 1.07 and earlier, which stems from the use of hard-coded credentials and could allow an attacker to log in via Telnet and execute arbitrary commands ...

8.8 CVSS, 8.7 AI score, 0.00223 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2025/10/28 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-10680

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - OpenVPN 2.7alpha1 through 2.7beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is...

8.8 CVSS, 8.6 AI score, 0.06932 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/10/27 8:2 p.m., 10 views

CVE-2025-12313 D-Link DI-7001 MINI msp_info.htm command injection

A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /mspinfo.htm. Such manipulation of the argument cmd leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public an...

6.5 CVSS, 0.035 EPSS
Exploits: 1, References: 5

NVD
added 2025/10/27 5:15 p.m., 7 views

CVE-2025-12296

A security vulnerability has been detected in D-Link DAP-2695 2.00RC13. The impacted element is the function sub4174B0 of the component Firmware Update Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be...

9.8 CVSS, 0.06228 EPSS
Exploits: 1, References: 5

Positive Technologies
added 2025/10/27 12:0 a.m., 3 views

PT-2025-43985

A security vulnerability has been detected in D-Link DAP-2695 2.00RC13. The impacted element is the function sub 4174B0 of the component Firmware Update Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may b...

5.8 CVSS, 7 AI score, 0.06228 EPSS
Exploits: 1, References: 6

SUSE CVE
added 2025/10/24 11:41 p.m., 3 views

SUSE CVE-2025-10680

OpenVPN 2.7alpha1 through 2.7beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use...

8.8 CVSS, 7.1 AI score, 0.06932 EPSS
Exploits: 0, References: 3

NVD
added 2025/10/24 10:15 a.m., 6 views

CVE-2025-10680

OpenVPN 2.7alpha1 through 2.7beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use...

8.8 CVSS, 0.06932 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2025/10/24 10:6 a.m., 2 views

CVE-2025-10680

OpenVPN 2.7alpha1 through 2.7beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use...

6.6 AI score, 0.06932 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/10/24 12:0 a.m., 6 views

OpenVPN Security Vulnerability

OpenVPN is a software package for creating encrypted tunnels for Virtual Private Networks (VPNs) from the US company OpenVPN, which uses the OpenSSL library to encrypt data and control information, and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...

8.8 CVSS, 9.4 AI score, 0.06932 EPSS
Exploits: 0, References: 2

NVD
added 2025/10/23 8:15 p.m., 8 views

CVE-2025-58428

The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. This could allow the attacker to achieve remote...

9.9 CVSS, 0.01308 EPSS
Exploits: 0, References: 4

OSV
added 2025/10/23 8:15 p.m., 2 views

CVE-2025-54964

An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrary executables. If the Job Service is configured for local-only access, this may allow for privilege escalation in certain situations. If the Job Service is...

8.4 CVSS, 5.9 AI score, 0.00284 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/10/23 7:49 p.m., 8 views

CVE-2025-58428 Command Injection in Veeder-Root TLS4B Automatic Tank Gauge System

The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. This could allow the attacker to achieve remote...

9.9 CVSS, 0.01308 EPSS
Exploits: 0, References: 4

CVE
added 2025/10/23 7:49 p.m., 23 views

CVE-2025-58428

CVE-2025-58428 affects Veeder-Root TLS4B ATG system. The vulnerability stems from the SOAP-based interface being accessible through the web services handler, which enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. Reported impact incl...

9.9 CVSS, 7.2 AI score, 0.01308 EPSS
Exploits: 0, References: 4

OSV
added 2025/10/23 4:15 p.m., 4 views

CVE-2025-62713 Kottster app reinitialization can be re-triggered allowing command injection in development mode

Kottster is a self-hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only; production deployments were never affected. This issue has been...

9.2 CVSS, 8.1 AI score, 0.00749 EPSS
Exploits: 0, References: 4

Snyk
added 2025/10/23 4:1 p.m., 2 views

Access Control Bypass

Overview: @kottster/common is a package of common types and utilities for Kottster. Affected versions of this package are vulnerable to Access Control Bypass via the initApp and installPackagesForDataSource actions. An attacker can gain unauthorized administrative access and execute arbitrary system commands ...

9.2 CVSS, 7.6 AI score, 0.00749 EPSS
Exploits: 0, References: 2

GithubExploit
added 2025/10/23 3:30 p.m., 142 views

Exploit for OS Command Injection in Tenda Ac15_Firmware

Tenda-Router-VR-and-Exploit...

10 CVSS, 7.6 AI score, 0.79673 EPSS
Exploits: 2