CVE-1999-0750

Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account...

CVE-1999-0375

Buffer overflow in webd in Network Flight Recorder NFR 2.0.2-Research allows remote attackers to execute commands...

CVE-1999-0065

Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands...

CVE-1999-0237

Remote execution of arbitrary commands through Guestbook CGI program...

CVE-1999-0186

In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters...

EUVD-2025-16032

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote...

PT-2025-22355

Name of the Vulnerable Software and Affected Versions AAPanel version 7.0.7 Description The issue is related to an OS command injection, which can lead to remote command execution RCE. It is estimated that more than 3.6 million servers globally are potentially affected. Recommendations For AAPane...

CVE-2025-5000

A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects the function controlpanelsw of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument filename leads to command...

CVE-2025-4999

A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000 and classified as critical. Affected by this issue is the function sub4153FC of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument supplicantrndiden leads to...

Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System (Sailfish) [CVE-2023-51385, CVE-2023-48795, CVE-2023-38408, CVE-2020-15778, CVE-2021-41617].

Summary The OpenSSH package is used by IBM Integrated Analytics System . IBM Integrated Analytics System has addressed the applicable CVECVE-2023-51385, CVE-2023-48795, CVE-2023-38408, CVE-2020-15778, CVE-2021-41617. Vulnerability Details CVEID:CVE-2023-51385 DESCRIPTION: OpenSSH could allow a...

K000151398: PyTorch vulnerability CVE-2025-32434

Security Advisory Description PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model...

The vulnerability of the ArchiveService.rem service in the FactoryTalk AssetCentre software platform allows a perpetrator to execute arbitrary commands.

The vulnerability of the ArchiveService.rem service in the FactoryTalk AssetCentre software platform is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary commands...

The vulnerability of the LogService.rem service in the FactoryTalk AssetCentre software platform allows a perpetrator to execute arbitrary commands.

The vulnerability of the LogService.rem service in the FactoryTalk AssetCentre centralized asset management software is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary commands...

CVE-2025-4851

A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390B20191101. This vulnerability affects the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack can be initiated remotely. The explo...

CVE-2025-4850

A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390B20191101. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname leads to command injection. It is possible to initiate the attack remotely. The...

CVE-2025-32002

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier when 'Remote Link3 function' is enabled. If exploited, a remote unauthenticated attacker may execute an arbitra...

The vulnerability of the Telnet protocol implementation in the microprogramming-based router software Tenda RX2 Pro allows a hacker to bypass security restrictions and execute arbitrary commands.

The vulnerability of the Telnet protocol implementation in Tenda RX2 Pro microprogramming router software is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute arbitrary commands remotely...

The vulnerability of the setLanCfg() function in the microprogramming software for Tenda RX2 Pro allows a hacker to execute arbitrary commands.

The vulnerability of the setLanCfg function in the Tenda RX2 Pro router’s microprogramming software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVE-2025-47782 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...

The vulnerability of the sub_16570 function in the /htdocs/ssdpcgi file of the D-Link DIR-880L router’s microprogramming system, related to the lack of data cleaning at the control level, allows a hacker to execute arbitrary commands.

The vulnerability of the sub16570 function in the /htdocs/ssdpcgi file of the D-Link DIR-880 router’s microprogramming system is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...