19611 matches found
CVE-2025-22481
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...
CVE-2025-5763
A vulnerability has been found in Tenda CP3 11.10.00.2311090948 and classified as critical. Affected by this vulnerability is the function subF3C8C of the file apollo. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public an...
CVE-2025-48782
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file...
CVE-2025-48780
A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object...
CVE-2025-48782
Soar Cloud HRD Human Resource Management System (Soar Cloud HRMS) is affected up to version 7.3.2025.0408. The vulnerability is an unrestricted upload of files with dangerous types in the upload file function, enabling remote command execution by a malicious file. The connected sources consistent...
CVE-2025-48780 Soar Cloud HRD Human Resource Management System - Deserialization of Untrusted Data
A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object...
CVE-2025-48780
CVE-2025-48780 affects Soar Cloud HRD Human Resource Management System prior to version 7.3.2025.0408. A deserialization vulnerability in the download file function allows remote attackers to execute arbitrary system commands via a crafted serialized object. Public metrics list a critical impact ...
PT-2025-24058
Name of the Vulnerable Software and Affected Versions: Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408. Description: A deserialization of untrusted data issue in the download file function allows remote attackers to execute arbitrary system commands via a crafted...
A vulnerability in the formMapReboot() function of the embedded server in the TOTOLINK X15 router firmware allows an intruder to execute arbitrary commands.
The vulnerability in the formMapReboot function of the embedded server in the TOTOLINK X15 router firmware is caused by a lack of input sanitization when processing the deviceMacAddr parameter. Exploiting this vulnerability allows a remote attacker to...
CVE-2025-5695
A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. This impacts the function subscribetospot/subscribetodelta/subscribetoalarm of the file /usr/www/application/models/subscriptions.php of the component Backend. Such manipulation leads to command injection. It is possible to launch...
CVE-2025-5620
A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsecconfig of the file /goform/setipsecconfig. The manipulation of the argument localIP/remoteIP leads to OS command injection. It is possible to launch the attack remotely. The...
CVE-2025-49008 Atheos Improper Input Validation Vulnerability Enables RCE in Common.php
Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of escapeshellcmd in /components/codegit/traits/execute.php allows argument injection, leading to arbitrary command execution. Atheos administrators and users of vulnerable version...
A vulnerability in the formMapReboot() function (/boafrm/formMapReboot) of the TOTOLINK X15 router firmware allows an intruder to execute arbitrary commands or cause a denial of service.
The vulnerability in the formMapReboot function (/boafrm/formMapReboot) of the TOTOLINK X15 router firmware is caused by an operation that exceeds buffer boundaries in memory when processing the deviceMacAddr parameter. Exploiting this vulnerability allows a remot...
A vulnerability in the ssid1MACFilter() function of the Linksys wireless signal amplifier software allows an attacker to execute arbitrary commands.
The vulnerability in the ssid1MACFilter function of the Linksys wireless signal amplifier firmware is caused by a lack of measures to neutralize specific elements. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...
A vulnerability in the RP_checkFWByBBS() function of the Linksys wireless signal amplifier firmware allows an attacker to execute arbitrary commands.
The vulnerability in the RP_checkFWByBBS function of the Linksys wireless signal amplifier firmware is caused by a lack of measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute...
A vulnerability in the sub_456DE8() function of the jhttpd web server in the D-Link DI-500WF-WT router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the sub_456DE8 function of the jhttpd web server in the D-Link DI-500WF-WT router firmware is caused by a lack of data sanitization at the control level when processing the cmd parameter. Exploiting this vulnerability allows an attacker to execute...
A vulnerability in the built-in boa server (/boafrm/formMapDel) of the Totolink X2000R router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the built-in boa server (/boafrm/formMapDel) of the Totolink X2000R router firmware is caused by a lack of data sanitization at the management level when processing the devicemac1 parameter. Exploiting this vulnerability allows an attacker operating remotely t...
CVE-2025-5606
A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv of the file /goform/SetIPTVCfg. The manipulation of the argument list leads to command injection. The attack can be initiated remotely. The exploit has been...