19613 matches found

Packet Storm
added 2025/02/28 12:0 a.m. | 280 views

Ivanti EPM 1.0 Code Execution

Ivanti EPM version 1.0 suffers from a code execution vulnerability. | Title : Ivanti EPM v1.0 PHP Code Injection Vulnerability | Author : indoushka | ...

AI score: 7.9 | Exploits: 0

Packet Storm
added 2025/02/28 12:0 a.m. | 399 views

Ollama 0.5.11 Code Execution

Ollama version 0.5.11 suffers from a code execution vulnerability. | Title : Ollama 0.5.11 Code Injection Vulnerability | Author : indoushka | Tested o...

AI score: 7.9 | Exploits: 0

Packet Storm
added 2025/02/28 12:0 a.m. | 386 views

NetAlertX 24.9.12 Code Execution

NetAlertX version 24.9.12 suffers from a code execution vulnerability. | Title : NetAlertX 24.9.12 PHP Code Injection Vulnerability | Author : indoushka ...

AI score: 7.9 | Exploits: 0

Saint
added 2025/02/28 12:0 a.m. | 140 views

MITRE Caldera dynamic compilation command injection

Added: 02/28/2025. Background: MITRE Caldera is a security platform for emulating adversaries. Problem: The dynamic compilation functionality in the Manx and Sandcat agents is affected by an injection vulnerability which could allow remote command execution. Resolution: Upgrade to Caldera 5.1.0 or...

CVSS: 10 | AI score: 8 | EPSS: 0.23813 | Exploits: 2

RedhatCVE
added 2025/02/27 9:1 p.m. | 9 views

CVE-2025-27142

LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the POST /api/localsend/v2/prepare-upload and th...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00514 | Exploits: 0 | References: 1

GithubExploit
added 2025/02/27 2:49 a.m. | 135 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604 01. Apache ActiveMQ & OpenWire - 1 Apac...

CVSS: 10 | AI score: 8.3 | EPSS: 0.99654 | Exploits: 31

Positive Technologies
added 2025/02/27 12:0 a.m. | 3 views

PT-2025-8982

Name of the Vulnerable Software and Affected Versions: Tuoshi/Dionlink LT15D 4G Wi-Fi devices version M7628NNxlSPv2xUI v1.0.1802.10.08 P4; Tuoshi/Dionlink LT21B devices version M7628xUSAxUIv2 v1.0.1481.15.02 P0. Description: An issue allows a remote attacker with network access to exploit a command...

CVSS: 9.8 | AI score: 8 | EPSS: 0.39247 | Exploits: 0 | References: 12

CNNVD
added 2025/02/27 12:0 a.m. | 4 views

Tuoshi LT15D security vulnerability

Tuoshi LT15D is a wireless router from China's Tuoshi. A security vulnerability exists in the Tuoshi LT15D that originates from the /goform/formJsonAjaxReq endpoint, which does not sanitize shell metacharacters, allowing an unauthenticated, remote attacker to execute arbitrary OS commands...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.39247 | Exploits: 0 | References: 6

NVD
added 2025/02/25 8:15 p.m. | 46 views

CVE-2025-27142

LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the POST /api/localsend/v2/prepare-upload and th...

CVSS: 8.8 | EPSS: 0.00514 | Exploits: 0 | References: 2

Vulnrichment
added 2025/02/25 8:3 p.m. | 4 views

CVE-2025-27142 LocalSend path traversal vulnerability in the file upload endpoint allows nearby devices to execute arbitrary commands

LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the POST /api/localsend/v2/prepare-upload and th...

CVSS: 8.7 | AI score: 8.8 | EPSS: 0.00514 | Exploits: 0 | References: 2

BDU FSTEC
added 2025/02/25 12:0 a.m. | 6 views

The vulnerability of the TMOS Shell configuration tool’s iControl REST interface allows attackers to execute arbitrary commands. This vulnerability relates to the BIG-IP Access Policy Manager, as well as software programs such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Carrier-Grade NAT (CGNAT), BIG-IP DDoS Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP SSL Orchestrator, BIG-IP WebAccelerator, and BIG-IP WebSafe.

The vulnerability of the TMOS Shell configuration tool’s iControl REST interface exists due to the lack of measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

CVSS: 9 | AI score: 6.5 | EPSS: 0.07844 | Exploits: 2 | References: 4 | Affected Software: 19

BDU FSTEC
added 2025/02/25 12:0 a.m. | 5 views

The vulnerability of the apcli_wps_gen_pincode() function in the mtkwifi.lua script of the TOTOLINK X5000R router’s software allows a hacker to execute arbitrary commands.

The vulnerability of the apcli_wps_gen_pincode() function in the mtkwifi.lua script of the TOTOLINK X5000R router’s software is related to the lack of measures taken to secure input data at the control level. Exploiting this vulnerability could allow an attacker to execute arbitrary commands remotely...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00742 | Exploits: 1 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/02/25 12:0 a.m. | 6 views

The vulnerability of the setWebWlanIdx() function in TOTOLINK CP900 router firmware allows an intruder to execute arbitrary commands.

The vulnerability of the setWebWlanIdx() function in TOTOLINK CP900 router firmware lies in the lack of measures taken to neutralize special elements during the processing of the webWlanIdx parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVSS: 10 | AI score: 8.2 | EPSS: 0.02441 | Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2025/02/24 4:15 a.m. | 4 views

CVE-2025-1616

A vulnerability, which was classified as critical, has been found in FiberHome AN5506-01A ONU GPON RP2511. Affected by this issue is some unknown functionality of the component Diagnosis. The manipulation of the argument Destination Address leads to os command injection. The attack may be launche...

CVSS: 9.8 | AI score: 5.5 | EPSS: 0.08744 | Exploits: 0 | References: 3

CVE
added 2025/02/24 1:31 a.m. | 73 views

CVE-2025-1610

LB-LINK AC1900 Router 1.0.2 is affected by an OS command injection in the websGetVar function of /goform/set_blacklist. The vulnerability stems from manipulating the mac/enable parameter, potentially allowing remote exploitation. The CVE is supported by multiple sources (NVD, Red Hat, CVE lists) ...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.12815 | Exploits: 1 | References: 4 | Affected Software: 1

RedHat Linux
added 2025/02/24 12:8 a.m. | 4 views

jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.07963 | Exploits: 0 | References: 4

RedHat Linux
added 2025/02/24 12:8 a.m. | 5 views

jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.02959 | Exploits: 0 | References: 4

RedHat Linux
added 2025/02/24 12:8 a.m. | 21 views

Critical: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.9 on RHEL 7 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS: 10 | AI score: 7.8 | EPSS: 0.99999 | Exploits: 406 | References: 22

Positive Technologies
added 2025/02/24 12:0 a.m. | 4 views

PT-2025-7699 · Fiberhome · Fiberhome An5506-01A Onu Gpon Rp2511

Name of the Vulnerable Software and Affected Versions: FiberHome AN5506-01A ONU GPON RP2511 affected versions not specified Description: A critical issue has been found in the Diagnosis component of the affected software, where the manipulation of the Destination Address argument leads to os...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.08744 | Exploits: 0 | References: 8

BDU FSTEC
added 2025/02/24 12:0 a.m. | 9 views

The vulnerability of the TestEmail command in the Reolink RLC-410W, C1 Pro, Reolink C2 Pro, RLC-422W, and RLC-511W software-based cameras allows an intruder to execute arbitrary commands.

The vulnerability of the TestEmail command in the Reolink RLC-410W, C1 Pro, Reolink C2 Pro, RLC-422W, and RLC-511W software-based cameras is related to the failure to take measures to neutralize special elements during the processing of the addr1 field. Exploiting this vulnerability can allow a...

CVSS: 9 | AI score: 7.6 | EPSS: 0.38369 | Exploits: 1 | References: 4 | Affected Software: 5