CVE-2025-10629

The CVE-2025-10629 affects D-Link DIR-852 (firmware 1.00CN B09) in the Simple Service Discovery Protocol Service, specifically the ssdpcgi_main function in htodcs/cgibin. The vulnerability arises from insufficient input filtering of the ST argument, enabling command injection and potential remote...

CVE-2025-10628

D-Link DIR-852 (1.00CN B09) Web Management Interface component /htdocs/cgibin/hedwig.cgi is affected by a command-injection vulnerability. The issue arises from insufficient input filtering in hedwig.cgi, enabling remote exploitation. Public exploits exist and the affected devices are noted as no...

CVE-2025-10628 D-Link DIR-852 Web Management hedwig.cgi command injection

A vulnerability was found in D-Link DIR-852 1.00CN B09. This vulnerability affects unknown code of the file /htdocs/cgibin/hedwig.cgi of the component Web Management Interface. Performing manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has...

PT-2025-38294

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X versions 240126, 240802, and 250416 Description A weakness exists in the Environment Variable Handler component of the D-Link DIR-823X router. Manipulation of the terminal addr, server ip, or server port argument within the sub...

CVE-2025-10619

A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. This affects the function redirectToAuthorization of the file src/helpers/node-oauth-client-provider.ts of the component OAuth Server Discovery. Performing manipulation results in os command injection. Remote exploitation of the...

CVE-2025-10619

A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. This affects the function redirectToAuthorization of the file src/helpers/node-oauth-client-provider.ts of the component OAuth Server Discovery. Performing manipulation results in os command injection. Remote exploitation of the...

CVE-2025-10619 sequa-ai sequa-mcp OAuth Server Discovery node-oauth-client-provider.ts redirectToAuthorization os command injection

A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. This affects the function redirectToAuthorization of the file src/helpers/node-oauth-client-provider.ts of the component OAuth Server Discovery. Performing manipulation results in os command injection. Remote exploitation of the...

CVE-2025-10442

A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed...

CVE-2025-10440

A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub4621DC of the file usbpaswd.asp of the component jhttpd. The manipulation of the argument hname leads to os comma...

CVE-2025-9972

Certain models of Industrial Cellular Gateway developed by Planet Technology have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the device...

PT-2025-38278

Name of the Vulnerable Software and Affected Versions: sequa-ai sequa-mcp versions prior to 1.0.14 Description: A vulnerability exists in the redirectToAuthorization function within the OAuth Server Discovery component, specifically in the file src/helpers/node-oauth-client-provider.ts...

SUSE SLES15 Security Update : pcp (SUSE-SU-2025:03233-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03233-1 advisory. - CVE-2024-3019: exposure of the redis server backend allows remote command execution via pmproxy bsc1222121. Tenable has extracted the...

CVE-2025-37126 Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as...

HPE Aruba Networking EdgeConnect SD-WAN Gateways 安全漏洞

HPE Aruba Networking EdgeConnect SD-WAN Gateways is an edge gateway appliance from HPE America. A security vulnerability exists in HPE Aruba Networking EdgeConnect SD-WAN Gateways, which stems from flaws in the encryption logic that could lead to the execution of arbitrary commands by an...

CVE-2025-58046 Dataease has a JDBC attack vulnerability in the Impala datasource

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...

Security update for pcp

This update for pcp fixes the following issues: CVE-2024-3019: exposure of the redis server backend allows remote command execution via pmproxy bsc1222121. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2025:03233-1 Security update for pcp

This update for pcp fixes the following issues: - CVE-2024-3019: exposure of the redis server backend allows remote command execution via pmproxy bsc1222121...

CVE-2025-10359

A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor wa...

CVE-2025-10442

A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed...

CVE-2025-10441

A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub433F7C of the file versionupgrade.asp of the component jhttpd. The manipulation of the argument path results in os command injection. The attack may be launched...