19611 matches found

BDU FSTEC
added 2025/06/23 12:0 a.m. · 4 views

A vulnerability in the firmware of the Tenda AX12 Wi-Fi router stems from a failure to neutralize special elements used in operating system commands. It allows an attacker to execute arbitrary commands.

The vulnerability in the firmware of the Tenda AX12 Wi-Fi router is caused by a failure to neutralize special elements used in operating system commands when handling the list parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVSS: 10 · AI score: 8.1 · EPSS: 0.02411
Exploits: 1 · References: 2 · Affected Software: 1

NVD
added 2025/06/22 5:15 p.m. · 8 views

CVE-2025-6485

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack...

CVSS: 6.5 · EPSS: 0.05956
Exploits: 1 · References: 5

OSV
added 2025/06/22 5:15 p.m. · 5 views

CVE-2025-6485

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack...

CVSS: 5.3 · AI score: 5.7 · EPSS: 0.05956
Exploits: 1 · References: 5

NVD
added 2025/06/20 7:15 p.m. · 9 views

CVE-2025-34030

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to t...

CVSS: 10 · EPSS: 0.59067
Exploits: 1 · References: 4

NVD
added 2025/06/20 7:15 p.m. · 6 views

CVE-2025-25038

An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to...

CVSS: 9.8 · EPSS: 0.05324
Exploits: 2 · References: 7

NVD
added 2025/06/20 5:15 p.m. · 5 views

CVE-2025-44635

There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers before...

CVSS: 9.8 · EPSS: 0.00959
Exploits: 0 · References: 2

OSV
added 2025/06/20 11:15 a.m. · 3 views

CVE-2025-6335

A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command injection. The attack may be initiated remotely...

CVSS: 7.2 · AI score: 5.6 · EPSS: 0.06864
Exploits: 1 · References: 4

OSV
added 2025/06/20 3:15 a.m. · 5 views

CVE-2025-6299

A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS: 5.1 · AI score: 5.6 · EPSS: 0.07011
Exploits: 1 · References: 5

Cvelist
added 2025/06/20 12:0 a.m. · 10 views

CVE-2025-44635

There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers before...

EPSS: 0.00959
Exploits: 0 · References: 2

CVE
added 2025/06/20 12:0 a.m. · 32 views

CVE-2025-44635

CVE-2025-44635 affects H3C ER2200G2, ERG2-450W/1200W/1350W/NR1200W and multiple ER/GR series routers (various models) prior to the fixed builds (e.g., ERG2AW-MNW100-R1117, ERHMG2-MNW100-R1126, MiniGR1B0V100R018L50, MiniGRW1B0V100R009L50, SWBRW1A0V100R007L50, SWBRW1B0V100R009L50). The issue enable...

CVSS: 9.8 · AI score: 8.4 · EPSS: 0.00959
Exploits: 0 · References: 2

BDU FSTEC
added 2025/06/20 12:0 a.m. · 6 views

A vulnerability in the “Mass Processing of Infobox Elements (Products)” plugin, caused by a failure to neutralize special elements, allows an attacker to execute arbitrary commands.

The vulnerability in the “Massive Processing of Infoblock Elements Products” plugin is caused by a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS: 9 · AI score: 5.9
Exploits: 0 · References: 1 · Affected Software: 1

BDU FSTEC
added 2025/06/20 12:0 a.m. · 7 views

A vulnerability in the “Multi-Functional Export/Import in Excel” plugin, caused by a failure to neutralize special elements, allows an attacker to execute arbitrary commands.

The vulnerability in the “Multi-Functional Export/Import in Excel” plugin is caused by a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS: 9 · AI score: 5.9
Exploits: 0 · References: 1 · Affected Software: 1

BDU FSTEC
added 2025/06/20 12:0 a.m. · 6 views

A vulnerability in the “Import from Excel. Upload product catalog 1C-Bitrix” plugin, caused by a failure to neutralize special elements, allows attackers to execute arbitrary commands.

The vulnerability in the plugin “Import from Excel. Uploading product catalogs for 1C-Bitrix” is caused by a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS: 9 · AI score: 5.9
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2025/06/20 12:0 a.m. · 3 views

Security vulnerability in multiple H3C products

H3C ER2200G2 and others are products of China's Xinhua San H3C. H3C ER2200G2 is an enterprise router. H3C ERG2-450W is a wireless router. H3C ERG2-1200W is a wireless router. A security vulnerability exists in various H3C products that stems from authentication bypass and could lead to remote comman...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.00959
Exploits: 0 · References: 2

Positive Technologies
added 2025/06/20 12:0 a.m. · 4 views

PT-2025-26438 · H3C · Er6300G2 +14

Name of the Vulnerable Software and Affected Versions: H3C ER2200G2 series routers versions prior to ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers versions prior to ERHMG2-MNW100-R1126; H3C GR3200, GR5200, GR8300 series...

CVSS: 9.8 · AI score: 7.4 · EPSS: 0.00959
Exploits: 0 · References: 4

Vulnrichment
added 2025/06/20 12:0 a.m. · 5 views

CVE-2025-44635

There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers before...

AI score: 8.4 · EPSS: 0.00959
Exploits: 0 · References: 2

IBM Security Bulletins
added 2025/06/19 2:24 p.m. · 6 views

Security Bulletin: There is a vulnerability in the torch library affecting IBM watsonx Code Assistant On Prem

Summary: There is a vulnerability in the torch library affecting IBM watsonx Code Assistant On Prem. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2025-32434 DESCRIPTION: PyTorch is a Python package that provides tensor computation with...

CVSS: 9.8 · AI score: 7.3 · EPSS: 0.01878
Exploits: 0 · Affected Software: 2

BDU FSTEC
added 2025/06/18 12:0 a.m. · 5 views

A vulnerability in the bs_SetSSIDHide() function of the libshare-0.0.26.so library in the LB-LINK router software allows an attacker to execute arbitrary commands.

The vulnerability in the bs_SetSSIDHide function of the libshare-0.0.26.so library in the LB-LINK router software is related to the lack of measures taken at the management level during the processing of the enable parameter. Exploiting this vulnerability allows a remote attacker to execute...

CVSS: 10 · AI score: 5.9 · EPSS: 0.07116
Exploits: 1 · References: 2 · Affected Software: 8

BDU FSTEC
added 2025/06/18 12:0 a.m. · 4 views

A vulnerability in the bs_SetMacBlack() function of the libshare-0.0.26.so library in the LB-LINK router software allows an attacker to execute arbitrary commands.

The vulnerability in the bs_SetMacBlack function of the libshare-0.0.26.so library in the LB-LINK router software is related to the lack of data cleaning measures at the control level when processing the mac parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVSS: 10 · AI score: 5.9 · EPSS: 0.0179
Exploits: 1 · References: 2 · Affected Software: 8

BDU FSTEC
added 2025/06/18 12:0 a.m. · 6 views

A vulnerability in the bs_setCmd() function of the libshare-0.0.26.so library in the LB-LINK router firmware allows an attacker to execute arbitrary commands.

The vulnerability in the bs_setCmd function of the libshare-0.0.26.so library in the LB-LINK router software lies in the failure to take data cleaning measures at the control level when processing the cmd parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary comman...

CVSS: 10 · AI score: 5.9 · EPSS: 0.09689
Exploits: 1 · References: 2 · Affected Software: 9