The vulnerability of the TestEmail command in the Reolink RLC-410W, C1 Pro, Reolink C2 Pro, RLC-422W, and RLC-511W software-based cameras allows an intruder to execute arbitrary commands.
The vulnerability of the TestEmail command in the Reolink RLC-410W, C1 Pro, Reolink C2 Pro, RLC-422W, and RLC-511W software-based cameras is related to the failure to take measures to neutralize special elements during the processing of the addr1 field. Exploiting this vulnerability can allow a...
The vulnerability of the D-Link DSL-3782 router firmware, related to the lack of measures to neutralize special elements, allows a hacker to execute arbitrary commands.
The vulnerability of the D-Link DSL-3782 router’s firmware is related to the lack of measures taken to neutralize special elements during the processing of the publictype parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Siemens SCALANCE W700 Improper Input Validation (CVE-2025-24499)
Affected devices do not properly validate input while loading the configuration files. This could allow an authenticated remote attacker to execute arbitrary shell commands on the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
CVE-2025-25507
There is an RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution...
CVE-2025-25507
CVE-2025-25507 affects Tenda AC6, specifically version 15.03.05.16_multi. The vulnerability is an RCE in the formexeCommand function where the cmdinput parameter enables remote command execution. This is corroborated by multiple sources in the connected set (e.g., PT-2025-7557 notes the RCE in fo...
Malicious code in mygcpconfusedfunctionpoctestpackage (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d791e46a1741fda065be23dc9ee80e6237ac32eeee9718c46c2f50070d84c30f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability in the web interface of the Cisco AsyncOS operating system allows a hacker to escalate their privileges and execute arbitrary commands.
The vulnerability of the Cisco AsyncOS operating system’s web interface is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitrary commands remotely...
The vulnerability of the sub_422eb8() function in Linksys E8450 Wi-Fi router software allows a hacker to execute arbitrary commands.
The vulnerability of the sub_422eb8() function in Linksys E8450 Wi-Fi router firmware is related to the lack of measures taken to neutralize special elements used in operating system commands when handling the wizardstatus parameter. Exploiting this vulnerability...
The vulnerability of the CGI script VirtualServer.asp in the firmware for D-Link DSL-3782 allows a hacker to execute arbitrary commands.
The vulnerability of the CGI script VirtualServer.asp in the D-Link DSL-3782 router firmware is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the setL2tpServerCfg() function in the cstecgi.cgi script of the TOTOLINK X5000R router’s software allows a hacker to execute arbitrary commands.
The vulnerability of the setL2tpServerCfg function in the cstecgi.cgi script of the TOTOLINK X5000R router’s firmware is related to the failure to take measures to neutralize special elements used in operating system commands when handling parameters such as mtu...
PT-2025-6919 · Synway · Synway Smg Gateway Management
Name of the Vulnerable Software and Affected Versions: Synway SMG Gateway Management Software up to 20250204 Description: A critical issue affects the processing of the file 9-12ping.php in Synway SMG Gateway Management Software. The manipulation of the retry argument leads to command injection...
Malicious code in sysaid-infra-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32067df7060881cbe716c03dd7dc8c3b443263f314412e89e99a435622227b1e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
D-Link DSL-3782 Security Vulnerability
The D-Link DSL-3782 is a wireless router from AUO. The D-Link DSL-3782 suffers from an OS command injection vulnerability that stems from the handling of the publictype parameter, which can be exploited by an attacker to submit a special request and execute arbitrary commands...
F5 BIG-IP Remote Command Injection Vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. F5 BIG-IP suffers from a remote command injection vulnerability that stems from the application failing to properly filter...
Cisco AsyncOS Input Validation Error Vulnerability (CNVD-2025-03529)
Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. An input validation error vulnerability exists in Cisco AsyncOS, which stems from insufficient validation of an XML configuration file, and can be exploited by an authenticated remote attacker to upload specially crafted files...
The vulnerability of the mySCADA myPRO Manager platform, which exists due to the failure to take measures to neutralize certain elements, allows a perpetrator to execute arbitrary commands.
The vulnerability of the mySCADA myPRO Manager platform exists due to the failure to take measures to neutralize certain elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
D-Link DIR-825 Command Injection Vulnerability
The D-Link DIR-825 is a router from China's AUO D-Link. A command injection vulnerability exists in the DLINK DIR-825 REVB version 2.03, which originates from a failure to properly filter special characters, commands, etc. used to construct commands in the CGI interface apcclientpin.cgi. A remote attacker...