19611 matches found

Vulnrichment
added 2025/09/22 12:32 a.m., 2 views

CVE-2025-10774 Ruijie 6000-E10 sub_commit.php os command injection

A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-20171117. This affects an unknown part of the file /view/vpn/autovpn/sub_commit.php. This manipulation of the argument key causes os command injection. It is possible to initiate the attack remotely. The exploit has been made availabl...

CVSS 5.8, AI score 4.9, EPSS 0.04085
Exploits 0, References 4

CVE
added 2025/09/22 12:32 a.m., 13 views

CVE-2025-10774

CVE-2025-10774 affects Ruijie 6000-E10, up to version 2.4.3.6-20171117. The issue resides in an unknown portion of the file /view/vpn/autovpn/sub_commit.php, where manipulation of the keyword parameter (key) enables an OS command injection. The vulnerability can be exploited remotely and has seen...

CVSS 5.8, AI score 4.9, EPSS 0.04085
Exploits 0, References 4

Positive Technologies
added 2025/09/22 12:0 a.m., 5 views

PT-2025-39076

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823X versions 240126/240802/250416 Description: A flaw exists in D-Link DIR-823X that allows for command injection. This occurs due to manipulation of the port argument within an unknown functionality of the file /usr/sbin/goahead. T...

CVSS 8.8, AI score 6.2, EPSS 0.06115
Exploits 1, References 10

Positive Technologies
added 2025/09/22 12:0 a.m., 6 views

PT-2026-3235

Apache bRPC and Affected Versions: Apache bRPC versions prior to 1.15.0 Description: Apache bRPC contains a remote command injection flaw in the heap profiler built-in service. The /pprof/heap endpoint does not properly validate the extra options parameter, allowing attackers to execute arbitrary...

CVSS 10, AI score 9.2, EPSS 0.26163
Exploits 3, References 37

CNNVD
added 2025/09/22 12:0 a.m., 2 views

WAVLINK WL-NU516U1 security vulnerability

WAVLINK WL-NU516U1 is a wireless print server from China Ruiyin WAVLINK. A security vulnerability exists in the Wavlink WL-NU516U1 version 240425, which originates from the incorrect operation of the parameter ipaddr in the file /cgi-bin/login.cgi, which could lead to a remote os command injectio...

CVSS 7.2, AI score 5.4, EPSS 0.20023
Exploits 1, References 4

Positive Technologies
added 2025/09/22 12:0 a.m., 8 views

PT-2025-38673

Name of the Vulnerable Software and Affected Versions: Wavlink WL-NU516U1 version 240425 Description: A security issue has been identified in the sub_4012A0 function of the /cgi-bin/login.cgi file. Manipulation of the ipaddr argument can lead to operating system command injection. This attack is...

CVSS 5.8, AI score 4.6, EPSS 0.20023
Exploits 1, References 8

Positive Technologies
added 2025/09/22 12:0 a.m., 4 views

PT-2025-38672

Name of the Vulnerable Software and Affected Versions: Ruijie 6000-E10 versions through 2.4.3.6-20171117 Description: A weakness exists in Ruijie 6000-E10. The issue affects an unknown part of the file /view/vpn/autovpn/sub_commit.php. Manipulation of the key argument can lead to operating system...

CVSS 5.8, AI score 4.8, EPSS 0.04085
Exploits 0, References 8

RedhatCVE
added 2025/09/20 9:13 p.m., 15 views

CVE-2025-10689

A vulnerability was identified in D-Link DIR-645 105B01. This issue affects the function soapcgi_main of the file /soap.cgi. Such manipulation of the argument service leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. This...

CVSS 6.5, AI score 6.5, EPSS 0.04558
Exploits 1, References 1

RedhatCVE
added 2025/09/20 7:31 a.m., 14 views

CVE-2023-49565

The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen Python function without...

CVSS 8.4, AI score 9, EPSS 0.00756
Exploits 0, References 1

Packet Storm
added 2025/09/19 12:0 a.m., 351 views

aaPanel 7.x.x Remote Command Execution

aaPanel version 7.x.x suffers from an authenticated remote command execution vulnerability. This was discovered prior and noted in CVE-2020-14421 where it states that it affects versions 6.6.6 and below. The developers claim it is patched but it still affects the 7.x.x version. This is...

CVSS 9, AI score 7.3, EPSS 0.0597
Exploits 5

CVE
added 2025/09/18 8:32 p.m., 21 views

CVE-2025-10689

The CVE-2025-10689 entry concerns D-Link DIR-645 firmware (model 105B01). A vulnerability exists in the soapcgi_main function within /soap.cgi where manipulation of the service argument enables remote command injection. The issue can be exploited remotely and publicly available exploit code is no...

CVSS 9.8, AI score 6.5, EPSS 0.04558
Exploits 1, References 5, Affected Software 1

Cvelist
added 2025/09/18 8:32 p.m., 8 views

CVE-2025-10689 D-Link DIR-645 soap.cgi soapcgi_main command injection

A vulnerability was identified in D-Link DIR-645 105B01. This issue affects the function soapcgi_main of the file /soap.cgi. Such manipulation of the argument service leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. This...

CVSS 6.5, EPSS 0.04558
Exploits 1, References 5

NVD
added 2025/09/18 6:15 a.m., 5 views

CVE-2023-49565

The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen Python function without...

CVSS 8.4, EPSS 0.00756
Exploits 0, References 1

CVE
added 2025/09/18 6:11 a.m., 16 views

CVE-2023-49565

The CVE-2023-49565 entry concerns the cbis_manager Podman container. The vulnerability allows remote command execution through the /api/plugins endpoint due to improper sanitization of HTTP headers X-FILENAME, X-PAGE, and X-FIELD, which are directly used by a subprocess.Popen call without suffici...

CVSS 8.4, AI score 8.5, EPSS 0.00756
Exploits 0, References 1

NVD
added 2025/09/18 2:15 a.m., 4 views

CVE-2025-10634

A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub_412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminal_addr/server_ip/server_port causes command injection. The atta...

CVSS 8.8, EPSS 0.07359
Exploits 1, References 6

OSV
added 2025/09/18 1:15 a.m., 1 views

CVE-2025-10629

A vulnerability was determined in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgi_main of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Executing manipulation of the argument ST can lead to command injection. The attack may be performed from...

CVSS 8.8, AI score 5.6, EPSS 0.05363
Exploits 1, References 5

NVD
added 2025/09/18 1:15 a.m., 5 views

CVE-2025-10629

A vulnerability was determined in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgi_main of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Executing manipulation of the argument ST can lead to command injection. The attack may be performed from...

CVSS 8.8, EPSS 0.05363
Exploits 1, References 5

NVD
added 2025/09/18 1:15 a.m., 5 views

CVE-2025-10628

A vulnerability was found in D-Link DIR-852 1.00CN B09. This vulnerability affects unknown code of the file /htdocs/cgibin/hedwig.cgi of the component Web Management Interface. Performing manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has...

CVSS 8.8, EPSS 0.08849
Exploits 1, References 5

CVE
added 2025/09/18 1:2 a.m., 18 views

CVE-2025-10634

CVE-2025-10634 affects D-Link DIR-823X routers (versions 240126, 240802, 250416). The issue is in the Environment Variable Handler’s /usr/sbin/goahead component, specifically function sub_412E7C, where manipulating arguments terminal_addr/server_ip/server_port enables remote command injection. Th...

CVSS 8.8, AI score 6.5, EPSS 0.07359
Exploits 1, References 6, Affected Software 1

Vulnrichment
added 2025/09/18 12:32 a.m., 3 views

CVE-2025-10629 D-Link DIR-852 Simple Service Discovery Protocol Service cgibin ssdpcgi_main command injection

A vulnerability was determined in D-Link DIR-852 1.00CN B09. This issue affects the function ssdpcgi_main of the file htodcs/cgibin of the component Simple Service Discovery Protocol Service. Executing manipulation of the argument ST can lead to command injection. The attack may be performed from...

CVSS 6.5, AI score 6.4, EPSS 0.05363
Exploits 1, References 5