19611 matches found
CVE-2025-8752
The CVE-2025-8752 entry concerns the wangzhixuan spring-shiro-training project (up to commit 94812c1fd8f7fe796c931f4984ff1aa0671ab562). The vulnerability is a command injection in the /role/add code path. It is exploitable remotely and has been publicly disclosed. The ...
CVE-2025-8752 wangzhixuan spring-shiro-training add command injection
A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The...
GHSA-2VCF-QXV3-2MGW Craft CMS has a theoretical bypass for CVE-2025-23209
Pre-requisites: (1) Have a compromised security key (https://craftcms.com/knowledge-base/securing-craftkeep-your-secrets-secret). (2) Somehow, manage to create an arbitrary file in Craft’s /storage/backups folder. With those two pieces in place, you could create a specific, malicious request to the...
CVE-2010-10013
An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By...
Sourceforge AjaXplorer security vulnerability
Sourceforge AjaXplorer is an open-source, Web-based file manager from Sourceforge. A security vulnerability exists in Sourceforge AjaXplorer versions prior to 2.6, which stems from the checkInstall.php script in the access.ssh plugin that does not properly sanitize user input, potentially leading t...
The vulnerability of the lxmldbc_system function in D-Link DIR-817L router firmware allows an attacker to execute arbitrary commands.
The vulnerability of the lxmldbc_system function in D-Link DIR-817L router firmware is related to the failure to sanitize data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability in the setup.cgi script of Netgear DGN1000B router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the setup.cgi script of Netgear DGN1000B router firmware relates to the failure to neutralize special elements used in an operating system command when handling the TimeToLive parameter. Exploiting this vulnerability allows a remote attacke...
The vulnerability in the pppoe.cgi script of Netgear DGN2200B router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the pppoe.cgi script of the Netgear DGN2200B router operating system is related to the failure to neutralize special elements used in the operating system when processing the pppoeusername parameter. Exploiting this vulnerability allows a remote attacker to...
The vulnerability of the web interface of D-Link DIR-300 and DIR-600 router firmware allows an attacker to execute arbitrary commands.
The vulnerability of the web interfaces of D-Link DIR-300 and DIR-600 router firmware is related to the failure to neutralize special elements used by the operating system when processing the pingIp parameter. Exploiting this vulnerability allows a remote attacker to execute...
Exploit for CVE-2025-7769
CVE-2025-7769 – Remote Command Injection in mobileapi Des...
Tigo Energy CCA Command Injection
This repository contains a proof of concept exploit for CVE-2025-7769, a critical remote command injection vulnerability found in Tigo Energy CCA appliances exposing the /cgi-bin/mobileapi endpoint...
Itemir M300 Wi-Fi Repeater security vulnerability
The Itemir M300 Wi-Fi Repeater is a wireless repeater from China-based Itemir. A security vulnerability exists in the Itemir M300 Wi-Fi Repeater that stems from an unsanitized passwd parameter, which could lead to an unauthenticated remote command injection attack...
Itemir M300 Wi-Fi Repeater security vulnerability
The Itemir M300 Wi-Fi Repeater is a wireless repeater from Itemir China. A security vulnerability exists in the Itemir M300 Wi-Fi Repeater that stems from the time parameter not being sanitized, which could lead to an unauthenticated remote command injection attack...
Itemir M300 Wi-Fi Repeater security vulnerability
Itemir M300 Wi-Fi Repeater is a wireless repeater from Itemir China. A security vulnerability exists in the Itemir M300 Wi-Fi Repeater that stems from an unsanitized user parameter that could lead to an unauthenticated remote command injection attack...
PT-2025-32308 · Unknown · Agentuniverse
Name of the Vulnerable Software and Affected Versions: agentUniverse versions up to 0.0.18. Description: A critical issue exists in agentUniverse that allows for remote OS command injection. The issue affects the StdioServerParameters function within the MCPSessionManager/MCPTool/MCPToolkit...
Itemir M300 Wi-Fi Repeater security vulnerability
The Itemir M300 Wi-Fi Repeater is a wireless repeater from China-based Itemir. A security vulnerability exists in the Itemir M300 Wi-Fi Repeater that stems from an unsanitized ssid parameter, which could lead to an unauthenticated remote command injection attack...
The vulnerability of the ui_get_input_value() function in Netgear WG302v2 router firmware allows an attacker to execute arbitrary commands.
The vulnerability of the ui_get_input_value function in Netgear WG302v2 router firmware is related to the failure to sanitize data at the control level when processing the host parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...
The vulnerability of the SMTP protocol implementation in the Keycloak identity and access management platform allows an attacker to execute arbitrary commands.
The vulnerability of the SMTP protocol implementation in the Keycloak identity and access management platform relates to the failure to neutralize CRLF sequences. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Multiple vulnerabilities in Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series
Overview: Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series provided by SATO Corporation contain multiple vulnerabilities listed below. OS command injection (CWE-78) - CVE-2025-22469; Unrestricted upload of file with dangerous type (CWE-434) - CVE-2025-22470. MASAHIRO IIDA of LAC Co., Ltd...
CVE-2025-8652
Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific...