19611 matches found

ATTACKERKB
added 2025/07/17 6:16 p.m., 7 views

CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

CVSS 9.8 | AI score 7.6 | EPSS 0.95376
Exploits: 5 | References: 4 | Affected Software: 1
Cvelist
added 2025/07/17 6:16 p.m., 25 views

CVE-2025-54068 Livewire vulnerable to remote command execution during property update hydration

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

CVSS 9.2 | EPSS 0.95376
Exploits: 5 | References: 3
Vulnrichment
added 2025/07/17 6:16 p.m., 7 views

CVE-2025-54068 Livewire vulnerable to remote command execution during property update hydration

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

CVSS 9.2 | AI score 7 | EPSS 0.95376
Exploits: 5 | References: 3
OSV
added 2025/07/17 6:16 p.m., 9 views

CVE-2025-54068 Livewire vulnerable to remote command execution during property update hydration

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

CVSS 9.2 | AI score 7.3 | EPSS 0.95376
Exploits: 5 | References: 7
CVE
added 2025/07/17 6:16 p.m., 91 views

CVE-2025-54068

Summary (validated by connected docs): CVE-2025-54068 affects Laravel Livewire v3 up to 3.6.3, where the component hydration/update mechanism can allow unauthenticated remote command execution under specific mounting/config conditions. Public advisories and templates confirm an in-the-wild risk a...

CVSS 9.8 | AI score 7.2 | EPSS 0.95376
In wild | Exploits: 5 | References: 5 | Affected Software: 1
NVD
added 2025/07/17 4:15 p.m., 4 views

CVE-2023-47356

Mingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution (RCE) vulnerability via the logtype parameter at /log/fwsecurity.mds...

CVSS 8.8 | EPSS 0.00685
Exploits: 0 | References: 2
NVD
added 2025/07/17 2:15 p.m., 6 views

CVE-2025-53928

MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue...

CVSS 9.8 | EPSS 0.00427
Exploits: 1 | References: 2
RedhatCVE
added 2025/07/17 1:57 p.m., 4 views

CVE-2025-34068

An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are...

CVSS 9.3 | AI score 7.5 | EPSS 0.00895
Exploits: 0 | References: 1
RedhatCVE
added 2025/07/17 1:57 p.m., 4 views

CVE-2025-34116

A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server...

CVSS 8.7 | AI score 7 | EPSS 0.01136
Exploits: 0 | References: 1
CVE
added 2025/07/17 1:56 p.m., 22 views

CVE-2025-53928

MaxKB has a Remote Command Execution vulnerability in the MCP call present in versions prior to 1.10.9-lts and 2.0.0. The issue is fixed in 1.10.9-lts and 2.0.0. No exploitation details are provided beyond this, and remediation is to upgrade to the fixed versions.

CVSS 9.8 | AI score 6.8 | EPSS 0.00427
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2025/07/17 1:56 p.m., 3 views

CVE-2025-53928 MaxKB has RCE in MCP call

MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue...

CVSS 4.6 | AI score 7.4 | EPSS 0.00427
Exploits: 1 | References: 2
Cvelist
added 2025/07/17 1:56 p.m., 9 views

CVE-2025-53928 MaxKB has RCE in MCP call

MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue...

CVSS 4.6 | EPSS 0.00427
Exploits: 1 | References: 2
OSV
added 2025/07/17 1:56 p.m., 5 views

CVE-2025-53928 MaxKB has RCE in MCP call

MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue...

CVSS 4.6 | AI score 7 | EPSS 0.00427
Exploits: 1 | References: 4
CNNVD
added 2025/07/17 12:0 a.m., 1 views

Anheng Mingyu Security Gateway security vulnerability

Anheng Mingyu Security Gateway is a security gateway from the Chinese company Anheng. A security vulnerability exists in Anheng Mingyu Security Gateway versions prior to v3.0-5.3p, which originates from a remote command execution vulnerability in the logtype parameter in /log/fwsecurity.mds...

CVSS 8.8 | AI score 7 | EPSS 0.00685
Exploits: 0 | References: 2
Vulnrichment
added 2025/07/17 12:0 a.m., 3 views

CVE-2023-47356

Mingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution (RCE) vulnerability via the logtype parameter at /log/fwsecurity.mds...

AI score 7.3 | EPSS 0.00685
Exploits: 0 | References: 2
CNNVD
added 2025/07/17 12:0 a.m., 3 views

MaxKB code injection vulnerability

MaxKB is a 1Panel-dev open source knowledge base question and answer system based on large language model and RAG. A code injection vulnerability exists in MaxKB 1.10.9-lts and versions prior to 2.0.0, which stems from a remote command execution vulnerability in MCP calls...

CVSS 9.8 | AI score 7.5 | EPSS 0.00427
Exploits: 1 | References: 2
Positive Technologies
added 2025/07/17 12:0 a.m., 2 views

PT-2025-29912

Name of the Vulnerable Software and Affected Versions: MaxKB versions prior to 1.10.9-lts; MaxKB versions prior to 2.0.0. Description: A Remote Command Execution issue exists in the MCP call. Recommendations: Update to version 1.10.9-lts or later. Update to version 2.0.0 or later...

CVSS 9.8 | AI score 5.8 | EPSS 0.00427
Exploits: 1 | References: 10
Cvelist
added 2025/07/17 12:0 a.m., 9 views

CVE-2023-47356

Mingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution (RCE) vulnerability via the logtype parameter at /log/fwsecurity.mds...

EPSS 0.00685
Exploits: 0 | References: 2
CVE
added 2025/07/17 12:0 a.m., 13 views

CVE-2023-47356

CVE-2023-47356 affects Mingyu Security Gateway prior to v3.0-5.3p. A remote command execution (RCE) exists via the log_type parameter handled at /log/fw_security.mds, arising from improper input handling. Exploitation could allow an unauthenticated attacker (network vector) with low privileges to...

CVSS 8.8 | AI score 7.4 | EPSS 0.00685
Exploits: 0 | References: 2
Positive Technologies
added 2025/07/17 12:0 a.m., 7 views

PT-2025-29947

Name of the Vulnerable Software and Affected Versions: Livewire versions 3.0 through 3.6.3. Description: An issue in the hydration process of the Livewire framework allows unauthenticated attackers to achieve remote command execution in specific scenarios. The flaw occurs because the framework fails...

CVSS 9.8 | AI score 7.5 | EPSS 0.95376
Exploits: 5 | References: 95