CVE-2025-10441

A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub433F7C of the file versionupgrade.asp of the component jhttpd. The manipulation of the argument path results in os command injection. The attack may be launched...

CVE-2025-10442

A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed...

CVE-2025-10442

CVE-2025-10442 affects Tenda AC9 and AC15 with firmware 15.03.05.14. The vulnerability is in the function formexeCommand of /goform/exeCommand, where unsanitized cmdinput leads to OS command injection. Remote exploitation is possible and the exploit has been publicly disclosed. Affected devices c...

CVE-2025-10442 Tenda AC9/AC15 exeCommand formexeCommand os command injection

A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed...

CVE-2025-10441

CVE-2025-10441 affects D-Link DI-8100G/DI-8200G/DI-8003G (versions 17.12.20A1 and 19.12.10A1) where the function sub_433F7C in version_upgrade.asp of the jhttpd component mishandles the path argument, resulting in an OS command injection. The issue can be exploited remotely without user interacti...

CVE-2025-10440

A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub4621DC of the file usbpaswd.asp of the component jhttpd. The manipulation of the argument hname leads to os comma...

CVE-2025-10440

The CVE-2025-10440 issue affects D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G devices (firmware lines 16.07.26A1, 17.12.20A1, 19.12.10A1) in the jhttpd component. The vulnerability exists in the function sub_4621DC within usb_paswd.asp and stems from improper handling of the hname ar...

CVE-2025-10358

A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly...

PT-2025-37467

Name of the Vulnerable Software and Affected Versions: D-Link DI-8100G versions 17.12.20A1 and 19.12.10A1 D-Link DI-8200G versions 17.12.20A1 and 19.12.10A1 D-Link DI-8003G versions 17.12.20A1 and 19.12.10A1 Description: A vulnerability exists due to the manipulation of the path argument within t...

PT-2025-37463

Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 versions 16.07.26A1, 17.12.20A1, and 19.12.10A1 D-Link DI-8100G versions 16.07.26A1, 17.12.20A1, and 19.12.10A1 D-Link DI-8200 versions 16.07.26A1, 17.12.20A1, and 19.12.10A1 D-Link DI-8200G versions 16.07.26A1, 17.12.20A1, and...

PT-2025-37470

Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.05.14 Tenda AC15 version 15.03.05.14 Description: A vulnerability exists due to the manipulation of the cmdinput argument in the formexeCommand function within the /goform/exeCommand file, leading to OS command...

DataEase 安全漏洞

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in Dataease version 2.10.12 and earlier, which...

CVE-2025-10328

A security vulnerability has been detected in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/api/playlist/playsinglefile.php. The manipulation of the argument File leads to os command injection. The attack may be initiated remotely...

CVE-2025-10324

A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects the function sub401C5C of the file firewall.cgi. This manipulation of the argument pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled causes command injection. It is possible to initia...

CVE-2025-10325

A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub401340/sub401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...

CVE-2025-10323

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is the function sub409184 of the file /wizardrep.shtml. The manipulation of the argument selEncrypTyp results in command injection. The attack may be performed from remote. The exploit has been made public and could be...

nishang

This repository is an offensive tool for Windows systems. It contains a collection of PowerShell scripts that can be used to exploit various vulnerabilities and gain unauthorized access to a system. The scripts are designed to be used by attackers to gain a foothold on a system and then escalate...

PT-2025-37415

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823x versions up to 250416 Description: A command injection issue exists in D-Link DIR-823x firmware. The issue is located in an unknown function within the /goform/diag ping file. Manipulation of the target addr argument allows fo...

CVE-2025-10359

A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor wa...

CVE-2025-10359

CVE-2025-10359 affects Wavlink WL-WN578W2 (firmware 221110). The vulnerability resides in the function sub_404DBC within /cgi-bin/wireless.cgi, where manipulating the macAddr argument leads to an OS command injection . This can be exploited remotely and, per sources, the exploit is publicly avail...