
19611 matches found

OSV
added 2025/05/06 8:15 a.m. · 4 views

CVE-2025-4340

A vulnerability classified as critical has been found in D-Link DIR-890L and DIR-806A1 up to 100CNb11/108B03. Affected is the function sub_175C8 of the file /htdocs/soap.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed t...

CVSS 9.8 · AI score 5.5 · EPSS 0.04149
Exploits: 1 · References: 5

CVE
added 2025/05/06 8:0 a.m. · 67 views

CVE-2025-4340

CVE-2025-4340 affects D-Link DIR-890L and DIR-806A1; the vulnerability is a remote command injection in the function sub_175C8 of /htdocs/soap.cgi. The root cause is improper handling/filters of crafted characters in that function, allowing an attacker to execute arbitrary commands remotely. Affe...

CVSS 9.8 · AI score 7.5 · EPSS 0.04149
Exploits: 1 · References: 5 · Affected Software: 1

Positive Technologies
added 2025/05/06 12:0 a.m. · 5 views

PT-2025-20322 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a remote command execution in the Apache HTTP Server. No specific details about the number of potentially affected devices or real-world incidents are provided...

AI score 6.8
Exploits: 0 · References: 2

Tenable Nessus
added 2025/05/06 12:0 a.m. · 8 views

Azure Linux 3.0 Security Update: pytorch (CVE-2025-32434)

The version of pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-32434 advisory. - PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural...

CVSS 9.8 · AI score 8.5 · EPSS 0.01878
Exploits: 0 · References: 2

Tenable Nessus
added 2025/05/06 12:0 a.m. · 13 views

CBL Mariner 2.0 Security Update: pytorch (CVE-2025-32434)

The version of pytorch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-32434 advisory. - PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural...

CVSS 9.8 · AI score 8.5 · EPSS 0.01878
Exploits: 0 · References: 2

Cvelist
added 2025/05/05 12:0 a.m. · 8 views

CVE-2025-25504

An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC In AV over IP products v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges...

EPSS 0.00344
Exploits: 1 · References: 2

CVE
added 2025/05/05 12:0 a.m. · 53 views

CVE-2025-25504

Gefen WebFWC (In AV over IP) versions 1.70, 1.85h, and 1.86v contain an unauthenticated remote command execution flaw in /usr/local/bin/jncs.sh. Attackers with network access can reach TCP port 4444 and execute commands with root privileges. The vulnerability is documented across multiple sources...

CVSS 6.5 · AI score 8 · EPSS 0.00344
Exploits: 1 · References: 2 · Affected Software: 1

BDU FSTEC
added 2025/05/05 12:0 a.m. · 5 views

The vulnerability of the ping_ddns() function in the internet.cgi scenario of the Wavlink WN530H4, WN530HG4, and WN572HG3 routers allows attackers to execute arbitrary commands.

The vulnerability of the ping_ddns function in the internet.cgi scenario of the Wavlink WN530H4, WN530HG4, and WN572HG3 routers is related to the lack of data cleaning at the management level when processing DDNS parameters. Exploiting this vulnerability allows a remote attacker to execute arbitra...

CVSS 6.5 · AI score 5.9 · EPSS 0.15043
Exploits: 1 · References: 4 · Affected Software: 3

BDU FSTEC
added 2025/05/05 12:0 a.m. · 6 views

The vulnerability of UserGate Next-Generation Firewall (NGFW) and UserGate Web Application Firewall (WAF) at the web application level arises from the failure to implement measures to neutralize specific elements. This allows attackers to execute arbitrary operating system commands with maximum privileges.

The vulnerability of UserGate Next-Generation Firewall NGFW and UserGate Web Application Firewall WAF at the web application level is related to the failure to implement measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute any command on the...

CVSS 10 · AI score 5.7
Exploits: 0 · Affected Software: 2

RedhatCVE
added 2025/05/03 1:35 a.m. · 22 views

CVE-2025-44837

TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVSS 6.3 · AI score 8.8 · EPSS 0.00884
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/03 1:34 a.m. · 20 views

CVE-2025-44864

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVSS 6.3 · AI score 8.5 · EPSS 0.01105
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/03 1:31 a.m. · 17 views

CVE-2025-44835

D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell...

CVSS 6.3 · AI score 8.8 · EPSS 0.0105
Exploits: 1 · References: 1

Metasploit
added 2025/05/02 6:53 p.m. · 498 views

Erlang OTP Pre-Auth RCE Scanner and Exploit

This module detects and exploits CVE-2025-32433, a pre-authentication vulnerability in Erlang-based SSH servers that allows remote command execution. By sending crafted SSH packets, it executes a payload to establish a reverse shell on the target system. The exploit leverages a flaw in the SSH...

CVSS 10 · AI score 8.2 · EPSS 0.97673
Exploits: 36

GithubExploit
added 2025/05/02 11:30 a.m. · 372 views

Exploit for Missing Authorization in Spicethemes Newsblogger

🚨 WordPress NewsBlogger Theme = 0.2.5.1 - Arbitrary File Uplo...

CVSS 8.8 · AI score 9 · EPSS 0.00963
Exploits: 1

BDU FSTEC
added 2025/05/02 12:0 a.m. · 4 views

The vulnerability of microprogrammed software in PLANET Technology switches arises from the failure to take measures to neutralize special elements, allowing attackers to execute arbitrary commands.

The vulnerability of PLANET Technology’s microprogrammed software exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 9.4 · AI score 8.3 · EPSS 0.01343
Exploits: 0 · References: 4 · Affected Software: 2

Packet Storm
added 2025/05/02 12:0 a.m. · 227 views

📄 Erlang-Based SSH OTP Pre-Authentication Remote Code Execution

This Metasploit module detects and exploits CVE-2025-32433, a pre-authentication vulnerability in Erlang-based SSH servers that allows remote command execution. By sending crafted SSH packets, it executes a payload to establish a reverse shell on the target system. The exploit leverages a flaw in...

CVSS 10 · AI score 8.6 · EPSS 0.97673
Exploits: 36

BDU FSTEC
added 2025/05/02 12:0 a.m. · 5 views

The vulnerability of the /goform/set_prohibiting function in the microprogramming software for D-Link DIR-823X AX3000 allows a hacker to execute arbitrary commands.

The vulnerability of the /goform/set_prohibiting function in the microprogramming software for D-Link DIR-823X AX3000 routers is related to the lack of measures taken to clean data at the control level. Exploitation of this vulnerability allows a remote attacker to execute arbitrary commands by...

CVSS 9 · AI score 8.4 · EPSS 0.35401
Exploits: 1 · References: 3 · Affected Software: 1

NVD
added 2025/05/01 5:15 p.m. · 12 views

CVE-2025-44843

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVSS 6.5 · EPSS 0.01003
Exploits: 1 · References: 2

NVD
added 2025/05/01 2:15 p.m. · 14 views

CVE-2025-44835

D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell...

CVSS 6.3 · EPSS 0.0105
Exploits: 1 · References: 1

OSV
added 2025/05/01 2:15 p.m. · 2 views

CVE-2025-44835

D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell...

CVSS 6.3 · AI score 6.1 · EPSS 0.0105
Exploits: 1 · References: 1