Lucene search

19611 matches found

BDU FSTEC
added 2025/06/26 12:00 a.m., 7 views

A vulnerability in the firmware of Edimax EW-7438RPn Mini wireless signal amplifiers arises from a failure to neutralize special elements used in an operating system command. It allows an attacker to execute arbitrary commands.

The vulnerability in the firmware of Edimax EW-7438RPn Mini wireless signal amplifiers stems from a failure to neutralize special elements used in an operating system command when handling the sysCmd parameter. Exploiting this vulnerability allows ...

CVSS 9.9 | AI score 5.9 | EPSS 0.0347
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2025/06/25 6:15 p.m., 2 views

CVE-2025-6621

A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclose...

CVSS 9.8 | AI score 5.6 | EPSS 0.02695
Exploits: 1 | References: 6

OSV
added 2025/06/25 6:15 p.m., 4 views

CVE-2025-6618

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to os command injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 9.8 | AI score 5.6 | EPSS 0.02687
Exploits: 1 | References: 6

OSV
added 2025/06/25 6:15 p.m., 5 views

CVE-2025-6619

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. Affected by this vulnerability is the function setUpgradeFW of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit...

CVSS 9.8 | AI score 5.6 | EPSS 0.02687
Exploits: 1 | References: 6

CVE
added 2025/06/25 5:31 p.m., 25 views

CVE-2025-6618

CVE-2025-6618 affects TOTOLINK CA300-PoE 6.2c.884. The vulnerability resides in the wps.so library, within the SetWLanApcliSettings function, where improper handling of the PIN parameter enables os command injection. It is exploitable remotely, and public disclosures have occurred. Multiple sourc...

CVSS 9.8 | AI score 7.8 | EPSS 0.02687
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2025/06/24 7:00 p.m., 6 views

GHSA-WJ44-9VCG-WJQ7 Gogs allows deletion of internal files which leads to remote command execution

Summary: Due to the insufficient patch for CVE-2024-39931, it's still possible to delete files under the .git directory and achieve remote command execution. Details: In the patch for CVE-2024-39931, the following check is added:...

CVSS 10 | AI score 10 | EPSS 0.00952
Exploits: 0 | References: 6

GitHub Security Blog
added 2025/06/24 7:00 p.m., 35 views

Gogs allows deletion of internal files which leads to remote command execution

Summary: Due to the insufficient patch for CVE-2024-39931, it's still possible to delete files under the .git directory and achieve remote command execution. Details: In the patch for CVE-2024-39931, the following check is added:...

CVSS 10 | AI score 8.3 | EPSS 0.50697
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2025/06/24 4:15 a.m., 21 views

CVE-2024-56731

Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instanc...

CVSS 10 | EPSS 0.00952
Exploits: 0 | References: 3

Vulnrichment
added 2025/06/24 3:37 a.m., 2 views

CVE-2024-56731 Gogs deletion of internal files allows remote command execution

Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instanc...

CVSS 10 | AI score 10 | EPSS 0.00952
Exploits: 0 | References: 3

CVE
added 2025/06/24 3:37 a.m., 47 views

CVE-2024-56731

Summary: Gogs (self-hosted Git service) contains a remote command execution flaw tied to the .git directory. Prior to version 0.13.3, an insufficient patch for CVE-2024-39931 allowed unprivileged users to delete files inside .git and run arbitrary commands with RUN_USER privileges, enabling acces...

CVSS 10 | AI score 9.9 | EPSS 0.00952
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2025/06/24 3:37 a.m., 9 views

CVE-2024-56731 Gogs deletion of internal files allows remote command execution

Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instanc...

CVSS 10 | EPSS 0.00952
Exploits: 0 | References: 3

OSV
added 2025/06/24 3:37 a.m., 3 views

CVE-2024-56731 Gogs deletion of internal files allows remote command execution

Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instanc...

CVSS 10 | AI score 7.9 | EPSS 0.00952
Exploits: 0 | References: 5

CNNVD
added 2025/06/24 12:00 a.m., 4 views

Gogs security vulnerability

Gogs Go Git Service is a self-service Git hosting service based on the Go language by the Gogs team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs versions prior to 0.13.3, which...

CVSS 10 | AI score 6.7 | EPSS 0.00952
Exploits: 0 | References: 5

Positive Technologies
added 2025/06/24 12:00 a.m., 8 views

PT-2025-26663

Name of the Vulnerable Software and Affected Versions: TVT DVR Cross Web Server (affected versions not specified). Description: An OS command injection issue exists in the custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in...

CVSS 10 | AI score 7.5 | EPSS 0.25282
Exploits: 2 | References: 10

RedhatCVE
added 2025/06/23 8:41 a.m., 5 views

CVE-2025-6299

A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 5.8 | AI score 7.9 | EPSS 0.07011
Exploits: 1 | References: 1

RedhatCVE
added 2025/06/23 8:41 a.m., 7 views

CVE-2025-44635

There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers before...

CVSS 9.8 | AI score 8.5 | EPSS 0.00959
Exploits: 0 | References: 1

RedhatCVE
added 2025/06/23 8:39 a.m., 3 views

CVE-2025-34030

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to t...

CVSS 10 | AI score 7.9 | EPSS 0.59067
Exploits: 1 | References: 1

RedhatCVE
added 2025/06/23 8:39 a.m., 7 views

CVE-2025-34029

An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell...

CVSS 9.4 | AI score 8.1 | EPSS 0.0347
Exploits: 1 | References: 1

BDU FSTEC
added 2025/06/23 12:00 a.m., 5 views

A vulnerability in the ping_test() function of the adm.cgi script in the Wavlink WL-WN530H4 router software allows an attacker to execute arbitrary commands.

The vulnerability in the pingtest function of the adm.cgi script in the Wavlink WL-WN530H4 router software is related to a lack of data sanitization at the control level when processing the pingIp parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 10 | AI score 5.9 | EPSS 0.02602
Exploits: 1 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/06/23 12:00 a.m., 4 views

A vulnerability in the formSetIptv() function of the Tenda AC18 firmware allows an attacker to execute arbitrary commands.

The vulnerability in the formSetIptv function (/goform/SetIPTVCfg) of the Tenda AC18 router's firmware is related to a lack of input sanitization. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...

CVSS 6.5 | AI score 7 | EPSS 0.03767
Exploits: 1 | References: 7 | Affected Software: 1