CVE-2025-41673 Remote Command Injection in send_sms Action Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via POST requests in the sendsms action due to improper neutralization of special elements used in an OS command...

CVE-2025-41673

CVE-2025-41673 affects MB CONNECT LINE mbNET.mini (industrial router). The vulnerability is an OS command-injection in the send_sms operation caused by improper neutralization of special elements, enabling remote execution of system commands via POST requests. Vulnerable versions are prior to 2.3...

VulnCheck KEV: CVE-2023-5683

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btnfilerenew leads to os command injection. The attack may be initiated...

GPT-SoVITS-WebUI code issue vulnerability (CNVD-2025-23576)

GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI, which stems from insecure deserialization of bsroformer.py when receiving serialized data submitted by a user, and can be exploited by an attacker to execute arbitrary commands on the system...

CVE-2025-46122

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint /admin/cmdstat.jsp passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC...

GPT-SoVITS-WebUI code issue vulnerability (CNVD-2025-23578)

GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI that stems from insecure deserialization of referencewebui.py when receiving serialized data submitted by a user, which can be exploited by an attacker to execute arbitrary commands on the system...

Nokia WaveSuite NOC 安全漏洞

Nokia WaveSuite NOC is a unified operations and maintenance platform for optical networks from Nokia Finland. A security vulnerability exists in Nokia WaveSuite NOC that stems from a command that allows unfiltered user input to be passed to the underlying operating system for execution, potential...

The vulnerability of the fromTraceroutGet() function (/goform/getTraceroute) in the Tenda O3 wireless access point software allows a intruder to execute arbitrary commands.

The vulnerability of the fromNetToolGet function in the file /goform/setPingInfo function of the Tenda O3 wireless access point software is related to the lack of measures to sanitize input data during the processing of the domain parameter. Exploiting this vulnerability allows a remote attacker ...

The vulnerability of the fromTraceroutGet() function (/goform/getTraceroute) in the Tenda O3 wireless access point software allows a intruder to execute arbitrary commands.

The vulnerability of the fromTraceroutGet function /goform/getTraceroute in the Tenda O3 wireless access point software exists because measures are not taken to neutralize special elements when processing the dest parameter. Exploiting this vulnerability allows a remote attacker to execute...

Malicious code in lazmat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 292e8512aa9e77a20a04a58cee3529ea31b9451e5c9067bbad7be57b5eb8c7fb Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...

MAL-2025-191759 Malicious code in hkmat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3c3063747c35c5ae091331ac2c35dbef66c945aca73b06ee32ef1f0ec088009 Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...

CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

CVE-2025-7836

A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbcsystem of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads to command injection. The attack can be launche...

CVE-2025-53928

MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue...

CVE-2023-47356

Mingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution RCE vulnerability via the logtype parameter at /log/fwsecurity.mds...

CVE-2025-7788

CVE-2025-7788 affects Xuxueli xxl-job up to 3.1.1. The vulnerable component is the commandJobHandler function in SampleXxlJob.java, enabling OS command injection with remote access. Exploit-public disclosures exist. Remediation: upgrade to a version beyond 3.1.1 and, as a workaround, restrict acc...

PT-2025-30007 · Ubiquiti · Unifi Access +1

Name of the Vulnerable Software and Affected Versions: UniFi Access Reader Pro versions 2.14.21 and earlier UniFi Access G2 Reader Pro versions 1.10.32 and earlier UniFi Access G3 Reader Pro versions 1.10.30 and earlier UniFi Access Intercom versions 1.7.28 and earlier UniFi Access G3 Intercom...

Livewire is vulnerable to remote command execution during component property update hydration

Impact In Livewire v3 ≤ 3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions...

GHSA-29CQ-5W36-X7W3 Livewire is vulnerable to remote command execution during component property update hydration

Impact In Livewire v3 ≤ 3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions...

CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...