CVE-2025-10323 Wavlink WL-WN578W2 wizard_rep.shtml sub_409184 command injection

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is the function sub409184 of the file /wizardrep.shtml. The manipulation of the argument selEncrypTyp results in command injection. The attack may be performed from remote. The exploit has been made public and could be...

CVE-2025-10365 Authentication Bypass in Evertz SDVN

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among...

CVE-2025-10265 Digiever｜NVR - OS Command Injection

Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device...

CVE-2025-10265 Digiever｜NVR - OS Command Injection

Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device...

CVE-2025-10265

Digiever Digiever NVR devices are affected by CVE-2025-10265, an OS command injection vulnerability in the NVR OS that enables authenticated remote attackers to inject and execute arbitrary commands. The issue is described as affecting certain NVR models, with network access required and low priv...

PT-2025-37353

Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.8.0 Description: A security flaw exists in MiczFlor RPi-Jukebox-RFID up to version 2.8.0. The issue is due to os command injection in an unknown function of the file /htdocs/api/playlist/single.php...

Digiever NVR 操作系统命令注入漏洞

The Digiever NVR is a camera centralized management, video storage and surveillance device from Digiever Corporation of Taiwan, China. The Digiever NVR suffers from an operating system command injection vulnerability that originates from an unauthenticated remote attacker who can inject arbitrary...

PT-2025-37344

Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN578W2 version 221110 Description: A vulnerability exists in the Wavlink WL-WN578W2 router. Manipulation of the arguments pingFrmWANFilterEnabled, blockSynFloodEnabled, blockPortScanEnabled, or remoteManagementEnabled within the...

PT-2025-37342

Name of the Vulnerable Software and Affected Versions: Wavlink WL-WN578W2 version 221110 Description: A command injection issue exists in the function sub 409184 of the file /wizard rep.shtml. The manipulation of the argument sel EncrypTyp can lead to command injection. This issue is exploitable...

CVE-2025-10107

A vulnerability has been found in TRENDnet TEW-831DR 1.0 601.130.1.1410. Impacted is an unknown function of the file /boafrm/formSysCmd. The manipulation of the argument sysHost leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the...

Exploit for CVE-2025-42944

CVE-2025-42944 Due to a deserialization vulnerability in SAP...

CVE-2025-10123

A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub415028 of the file /goform/setstaticleases. Executing manipulation of the argument Hostname can lead to command injection. The attack can be launched remotely. The exploit has been...

GHSA-R4H8-HFP2-GGMF Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation

Summary It has been discovered that the middleware functionality in Hoverfly is vulnerable to command injection through its /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization in user input. Details The vulnerability exists in the middleware management API endpoin...

CVE-2025-56406

An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local...

📄 Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote command injection vulnerability in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02. The vulnerability lies in the time parameter of the time configuration endpoint, which is passed unsanitized to a shell command executed via th...

Linux Distros Unpatched Vulnerability : CVE-2023-34254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an...

Linux Distros Unpatched Vulnerability : CVE-2022-0415

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. CVE-2022-0415 Note that Nessus relies on the presence of t...

PT-2025-81: OS command injection in Fastwel PLC web server

The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03, 3.4.9.1 СPM723-01. The discovered vulnerability is related to a failure to neutralize special elements used in operating system commands. Exploitation of this vulnerability allows a remote attacker t...

PT-2025-82: Insecure OS сommand execution mechanism in Fastwel PLC web server

The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03, 3.4.9.1 СPM723-01. The discovered vulnerability allows a remote attacker to execute arbitrary operating system commands and escalate their privileges to superuser level by sending a POST request via ...

Linux Distros Unpatched Vulnerability : CVE-2021-23422

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an...