Spree Commerce Security Vulnerability
Spree Commerce is an e-commerce platform from Spree Open Source. A security vulnerability exists in Spree Commerce versions prior to 0.50.x. The vulnerability stems from improper input sanitization in the API search function and could lead to remote command execution...
PT-2025-34152 · Linksys · Linksys Re9000 +5
Name of the Vulnerable Software and Affected Versions: Linksys RE6250 versions 1.0.013.001 through 1.2.07.001 Linksys RE6300 versions 1.0.013.001 through 1.2.07.001 Linksys RE6350 versions 1.0.013.001 through 1.2.07.001 Linksys RE6500 versions 1.0.013.001 through 1.2.07.001 Linksys RE7000 version...
PT-2025-34109 · Undefined · Undefined
The RealNetworks RealArcade platform includes an ActiveX control InstallerDlg.dll, version 2.6.0.445 that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation...
Linux Distros Unpatched Vulnerability : CVE-2017-5078
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote...
Spree Commerce is vulnerable to RCE through Search API
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitization allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...
CVE-2025-9149
A vulnerability was determined in Wavlink WL-NU516U1 M16U1_V240425. This impacts the function sub_4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guest_ssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...
CVE-2025-9149
CVE-2025-9149 affects Wavlink WL-NU516U1 M16U1_V240425. The vulnerability is in the function sub_4032E4 of the file /cgi-bin/wireless.cgi, where manipulation of the argument Guest_ssid enables command injection. The issue is exploitable remotely, and public exploit details (PoC) have been disclos...
CVE-2025-9149 Wavlink WL-NU516U1 wireless.cgi sub_4032E4 command injection
A vulnerability was determined in Wavlink WL-NU516U1 M16U1_V240425. This impacts the function sub_4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guest_ssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...
CVE-2025-9090
A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...
PT-2025-33820 · Wavlink · Wavlink Wl-Nu516U1
Name of the Vulnerable Software and Affected Versions: Wavlink WL-NU516U1 M16U1_V240425 Description: A vulnerability exists due to command injection. The issue is located in the /cgi-bin/wireless.cgi file and impacts the sub_4032E4 function. Manipulation of the Guest_ssid argument can lead to...
Linux Distros Unpatched Vulnerability : CVE-2024-8517
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system...
Linux Distros Unpatched Vulnerability : CVE-2021-38173
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys...
Linux Distros Unpatched Vulnerability : CVE-2018-11652
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header,...
Exploit for Command Injection in Tenda Ac20_Firmware
CVE-2025-9090 Author: Byte Reaper Description This exp...
CVE-2025-9026
A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgimain of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-9090
CVE-2025-9090 affects Tenda AC20 router (firmware 16.03.08.12). The flaw is in the Telnet Service: the websFormDefine function in /goform/telnet allows remote command injection. Public exploitation exists (exploit code and PoC references in multiple sources), enabling arbitrary command execution ...