Lucene search

19611 matches found

CNNVD
added 2025/08/06 12:0 a.m. · 4 views

NVIDIA Triton Inference Server Security Vulnerability

Triton Inference Server is a high-performance inference service engine developed by NVIDIA, designed for AI model deployment in production environments, with support for a variety of frameworks (TensorFlow, PyTorch, ONNX, etc.) and optimized inference performance for GPUs and CPUs. An input...

9.8 CVSS · 7.5 AI score · 0.01829 EPSS
Exploits 0 · References 3
OpenVAS
added 2025/08/06 12:0 a.m. · 3 views

Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2025-1739)

The remote host is missing an update for the Huawei EulerOS...

8.8 CVSS · 8.9 AI score · 0.02679 EPSS
Exploits 0 · References 2
Snyk
added 2025/08/05 9:44 p.m. · 2 views

Authentication Bypass by Primary Weakness

Overview: Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via r.URL.Path function in the middleware process. An attacker can execute arbitrary system commands or gain control over managed hosts by accessing the backend login path without authentication...

7.7 CVSS · 7.8 AI score · 0.00596 EPSS
Exploits 0 · References 2
CVE
added 2025/08/05 8:58 p.m. · 31 views

CVE-2025-53534

CVE-2025-53534 affects RatPanel versions 2.3.19–2.5.5. The vulnerability stems from the CleanPath middleware in github.com/go-chi/chi not properly processing r.URL.Path, enabling an attacker who has backend login access to bypass authentication and execute arbitrary commands or take over hosts wi...

7.7 CVSS · 8 AI score · 0.00596 EPSS
Exploits 0 · References 3
Vulnrichment
added 2025/08/05 8:58 p.m. · 2 views

CVE-2025-53534 RatPanel can perform remote command execution without authorization

RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed b...

7.7 CVSS · 7.2 AI score · 0.00596 EPSS
Exploits 0 · References 3
Cvelist
added 2025/08/05 8:58 p.m. · 14 views

CVE-2025-53534 RatPanel can perform remote command execution without authorization

RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed b...

7.7 CVSS · 0.00596 EPSS
Exploits 0 · References 3
CVE
added 2025/08/05 8:1 p.m. · 29 views

CVE-2013-10069

The CVE-2013-10069 entry describes an unauthenticated OS command injection in the web interface (command.php) of multiple D-Link routers, specifically DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13). The flaw arises from improper handling of the cmd POST parameter, enabling a remote attacker t...

10 CVSS · 7.5 AI score · 0.11859 EPSS
Exploits 1 · References 4 · Affected Software 1
NVD
added 2025/08/05 4:15 p.m. · 3 views

CVE-2025-43979

An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the xmlaction.cgi?method= endpoint...

7.4 CVSS · 0.04974 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/08/05 12:0 a.m. · 5 views

PT-2025-32253 · Undefined · Undefined

CVE-2025-54976 - Apache HTTP Server Unvalidated User Input Leads to Remote Command Execution. CVE ID: CVE-2025-54976. Published: Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details,...

6.8 AI score
Exploits 0 · References 1
CNNVD
added 2025/08/05 12:0 a.m. · 2 views

NetWin Netwin SurgeFTP Security Vulnerability

NetWin Netwin SurgeFTP is a multi-platform FTP server software from NetWin New Zealand. A security vulnerability exists in NetWin Netwin SurgeFTP version 23c8 and prior versions, which stems from an improper handling of POST requests and could lead to remote command execution...

8.6 CVSS · 7 AI score · 0.00936 EPSS
Exploits 0 · References 6
CNNVD
added 2025/08/05 12:0 a.m. · 3 views

ICT Innovations ICTBroadcast Security Vulnerability

ICT Innovations ICTBroadcast is a web-based automated calling and communication platform from ICT Innovations Pakistan. A security vulnerability exists in ICTBroadcast 7.4 and prior versions that stems from not properly handling session cookie data, which could lead to remote command execution...

9.3 CVSS · 7.2 AI score · 0.06078 EPSS
Exploits 3 · References 2
SUSE CVE
added 2025/08/04 11:27 p.m. · 1 views

SUSE CVE-2024-56731

Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instanc...

9.8 CVSS · 8 AI score · 0.00952 EPSS
Exploits 0 · References 2
SUSE CVE
added 2025/08/04 11:25 p.m. · 1 views

SUSE CVE-2025-5030

A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os command injection. The attack can be initiated...

8.1 CVSS · 4.8 AI score · 0.02576 EPSS
Exploits 1 · References 2
OSV
added 2025/08/04 8:46 p.m. · 8 views

GHSA-FM3M-JRGM-5PPG RatPanel can perform remote command execution without authorization

Summary: When an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability...

7.7 CVSS · 7.2 AI score · 0.00596 EPSS
Exploits 0 · References 7
Github Security Blog
added 2025/08/04 8:46 p.m. · 16 views

RatPanel can perform remote command execution without authorization

Summary: When an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability...

7.7 CVSS · 7.7 AI score · 0.00596 EPSS
Exploits 0 · References 7 · Affected Software 1
RedhatCVE
added 2025/08/04 9:33 a.m. · 5 views

CVE-2013-10053

A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system call that invokes the system’s htpasswd binary. By injecting shell metacharacters into the username field, an...

8.7 CVSS · 7.8 AI score · 0.01034 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2025/08/04 12:0 a.m. · 6 views

The vulnerability in the mcp-remote proxy server stems from a failure to neutralize special elements used in an operating system command, allowing attackers to execute arbitrary commands.

The vulnerability in the mcp-remote proxy server is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10 CVSS · 6.3 AI score · 0.76637 EPSS
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2025/08/04 12:0 a.m. · 4 views

The vulnerability in D-Link DI-7300G+ and DI-8200G router firmware stems from the lack of measures to neutralize special elements, allowing attackers to execute arbitrary commands.

The vulnerability in D-Link DI-7300G+ and DI-8200G router firmware stems from the lack of measures taken to neutralize special elements when processing parameters such as flag, cmd, and iface on the mspinfo.htm page. Exploiting this vulnerability allows a remote attacker to execute...

6.5 CVSS · 7 AI score · 0.05197 EPSS
Exploits 1 · References 6 · Affected Software 2
BDU FSTEC
added 2025/08/04 12:0 a.m. · 6 views

The vulnerability of the wsConvertPpt component in the Chamilo LMS e-learning and content management system allows a hacker to execute arbitrary commands.

The vulnerability of the wsConvertPpt component in the Chamilo LMS e-learning and content management system is related to the lack of measures taken to clean data at the administrative level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

10 CVSS · 8.3 AI score · 0.99397 EPSS
Exploits 9 · References 2 · Affected Software 1
BDU FSTEC
added 2025/08/04 12:0 a.m. · 6 views

The vulnerability in the command.php file of D-Link DIR-300 and DIR-600 router firmware allows a hacker to execute arbitrary commands and compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability in the command.php file of D-Link DIR-300 and DIR-600 router firmware arises from the lack of access restrictions and data validation for the cmd parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands and compromise the...

10 CVSS · 6.6 AI score · 0.12099 EPSS
Exploits 1 · References 7 · Affected Software 2