19611 matches found
Snort Report 安全漏洞
Snort Report is an inspection report management system from the Snort team. A security vulnerability exists in Snort Report versions prior to 1.3.2 that stems from the nmap.php and nbtscan.php scripts not being cleaned of user input, which could lead to remote command execution...
NVIDIA Triton Inference Server HTTP Service Input Validation Vulnerability
Triton Inference Server is a high-performance inference service engine developed by NVIDIA, designed for AI model deployment in production environments, with support for a variety of frameworks TensorFlow, PyTorch, ONNX, etc. and optimized inference performance for GPUs and CPUs. An input...
PT-2025-33088 · Unknown · Spree Commerce
Name of the Vulnerable Software and Affected Versions: Spreecommerce versions prior to 0.60.2 Description: Spreecommerce versions prior to 0.60.2 contain a remote command execution issue in the search functionality. The application does not properly sanitize input passed via the searchsend...
Cisco IOS XE Software Web Based Management Interface (cisco-sa-webui-multi-ARNHM4v6)
According to its self-reported version, Cisco IOS-XE Software is affected by multiple vulnerabilities. - A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected...
N-able N-Central Insecure Deserialization Vulnerability
N-able N-Central contains an insecure deserialization vulnerability that could lead to command execution...
CVE-2025-8818
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setDFSSetting of the file /goform/setLan. The manipulation of the argument lanNetmask/lanIp leads to os command injection. The attack may be launched...
Komari vulnerable to Cross-site WebSocket Hijacking
Summary WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking CSWSH attacks against authenticated users Details https://github.com/komari-monitor/komari/blob/bd5a6934e1b79a12cf1e6a9bba5372d0e04f3abc/api/terminal.goL33-L35 Any third party website can send request...
GHSA-Q355-H244-969H Komari vulnerable to Cross-site WebSocket Hijacking
Summary WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking CSWSH attacks against authenticated users Details https://github.com/komari-monitor/komari/blob/bd5a6934e1b79a12cf1e6a9bba5372d0e04f3abc/api/terminal.goL33-L35 Any third party website can send request...
Linux Distros Unpatched Vulnerability : CVE-2023-52138
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve...
GO-2025-3844 RatPanel can perform remote command execution without authorization in github.com/tnborg/panel in github.com/TheTNB/panel
RatPanel can perform remote command execution without authorization in github.com/tnborg/panel in github.com/TheTNB/panel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positiv...
CVE-2025-8752
A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The...
CVE-2025-8830
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function sub3517C of the file /goform/setWan. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The...
CVE-2025-8830 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setWan sub_3517C os command injection
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function sub3517C of the file /goform/setWan. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The...
CVE-2025-8830
The CVE-2025-8830 issue affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 devices up to 20250801. It centers on the function sub_3517C in /goform/setWan, where manipulating the Hostname argument leads to an OS command injection. The vulnerability can be triggered remotely and has had publ...
CVE-2025-8829
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function umred of the file /goform/RPsetBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched...
CVE-2025-8829
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function umred of the file /goform/RPsetBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched...
CVE-2025-8828
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function ipv6cmd of the file /goform/setIpv6. The manipulation of the argument...
CVE-2025-8828
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function ipv6cmd of the file /goform/setIpv6. The manipulation of the argument...
CVE-2025-8827
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function uminspectcrossband of the file /goform/RPsetBasicAuto. The manipulation of the argument staticGateway leads to os command injection. The attack may be initiated...
CVE-2025-8827
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function uminspectcrossband of the file /goform/RPsetBasicAuto. The manipulation of the argument staticGateway leads to os command injection. The attack may be initiated...