
19616 matches found

BDU FSTEC
added 2025/01/28 12:0 a.m. | 6 views

A vulnerability in the web management interface of the firmware of STEALTHONE D220, D340, and D440 network storage devices allows an attacker to execute arbitrary commands.

The vulnerability in the web management interface of the firmware of STEALTHONE D220, D340, and D440 network storage devices stems from a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows ...

CVSS 9 | AI score 8 | EPSS 0.01118
Exploits 0 | References 3 | Affected Software 3
BDU FSTEC
added 2025/01/28 12:0 a.m. | 6 views

A vulnerability in the latex_pickle_io.py module of the GPT Academic machine learning application allows an attacker to execute arbitrary commands.

The vulnerability in the latex_pickle_io.py module of the GPT Academic machine learning application is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 9 | AI score 8 | EPSS 0.01837
Exploits 1 | References 2 | Affected Software 1
VulnCheck KEV
added 2025/01/28 12:0 a.m. | 5 views

VulnCheck KEV: CVE-2024-40891

Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet...

CVSS 8.8 | AI score 5.9 | EPSS 0.19406
Exploits 0 | References 1
BDU FSTEC
added 2025/01/28 12:0 a.m. | 4 views

A vulnerability in the firmware of STEALTHONE D220 and D340 network storage devices stems from a failure to neutralize special elements used in operating system commands and allows an attacker to execute arbitrary commands.

The vulnerability in the firmware of STEALTHONE D220 and D340 network storage devices is related to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 10 | AI score 8.1 | EPSS 0.0115
Exploits 0 | References 3 | Affected Software 2
Vulnrichment
added 2025/01/27 5:6 p.m. | 12 views

CVE-2025-22604 Cacti has Authenticated RCE via multi-line SNMP responses

Cacti is an open source performance and fault management framework. Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io or ss_net_snmp_disk_bytes, a part of each OID will be used as a key in an array that is...

CVSS 9.1 | AI score 9.1 | EPSS 0.0529
Exploits 1 | References 2
BDU FSTEC
added 2025/01/27 12:0 a.m. | 6 views

A vulnerability in the telnetd daemon of the firmware of Tenda AC8, AC10, and AC18 routers allows an attacker to execute arbitrary commands.

The vulnerability in the telnetd daemon of the firmware of Tenda AC8, AC10, and AC18 routers is related to the lack of measures taken to sanitize data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 9 | AI score 7.5 | EPSS 0.05813
Exploits 1 | References 3 | Affected Software 3
BDU FSTEC
added 2025/01/27 12:0 a.m. | 3 views

The vulnerability of the IBM Sterling Secure Proxy proxy server stems from the improper validation of specified input types, allowing attackers to execute arbitrary commands.

The vulnerability of the IBM Sterling Secure Proxy proxy server is related to incorrect validation of the specified data type during input processing. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...

CVSS 9.1 | AI score 5.8 | EPSS 0.00644
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2025/01/27 12:0 a.m. | 3 views

TRENDnet TEW-632BRP Security Vulnerability

The TRENDnet TEW-632BRP is a wireless router from Trendnet, Inc. A security vulnerability exists in TRENDnet TEW-632BRP version 1.010B31, which originates from an OS command injection vulnerability in the CGI interface ntpsync.cgi, which allows remote attackers to execute arbitrary commands...

CVSS 9.8 | AI score 8 | EPSS 0.01093
Exploits 0 | References 1
NVD
added 2025/01/24 5:15 p.m. | 13 views

CVE-2025-22612

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a coolify instance in plain text. If the server configuration of IP ...

CVSS 10 | EPSS 0.00597
Exploits 1 | References 1
Cvelist
added 2025/01/24 4:43 p.m. | 21 views

CVE-2025-22612 Coolify Vulnerable to Private Key Enumeration on Onboarding resulting in Remote Command Execution (RCE)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a coolify instance in plain text. If the server configuration of IP ...

CVSS 10 | EPSS 0.00597
Exploits 1 | References 1
Vulnrichment
added 2025/01/24 4:43 p.m. | 6 views

CVE-2025-22612 Coolify Vulnerable to Private Key Enumeration on Onboarding resulting in Remote Command Execution (RCE)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a coolify instance in plain text. If the server configuration of IP ...

CVSS 10 | AI score 9.7 | EPSS 0.00597
Exploits 1 | References 1
CVE
added 2025/01/24 4:43 p.m. | 57 views

CVE-2025-22612

CVE-2025-22612 affects Coolify prior to 4.0.0-beta.374. The issue is due to missing authorization, allowing an authenticated user to retrieve private keys in plain text and, if the victim’s server configuration (IP/domain, port, user) matches, to execute arbitrary commands on the remote server. V...

CVSS 10 | AI score 9.7 | EPSS 0.00597
Exploits 1 | References 1 | Affected Software 1
Vulnrichment
added 2025/01/24 4:35 p.m. | 7 views

CVE-2025-22611 Coolify vulnerable to Privilege Escalation resulting in Remote Command Execution (RCE)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate his or any other team member's privileges to any role, including the owner role. He's also able t...

CVSS 9.9 | AI score 7.3 | EPSS 0.00473
Exploits 1 | References 1
Cvelist
added 2025/01/24 4:35 p.m. | 19 views

CVE-2025-22611 Coolify vulnerable to Privilege Escalation resulting in Remote Command Execution (RCE)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate his or any other team member's privileges to any role, including the owner role. He's also able t...

CVSS 9.9 | EPSS 0.00473
Exploits 1 | References 1
CVE
added 2025/01/24 4:35 p.m. | 56 views

CVE-2025-22611

Coolify before 4.0.0-beta.361 is affected by an elevation of privilege due to missing authorization, allowing any authenticated user to escalate privileges to any role (including owner) and remove other members (admins/owners). This also enables access to the Terminal feature to execute remote co...

CVSS 9.9 | AI score 9.7 | EPSS 0.00473
Exploits 1 | References 1 | Affected Software 1
OSV
added 2025/01/24 4:35 p.m. | 3 views

CVE-2025-22611 Coolify vulnerable to Privilege Escalation resulting in Remote Command Execution (RCE)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate his or any other team member's privileges to any role, including the owner role. He's also able t...

CVSS 9.9 | AI score 7.3 | EPSS 0.00473
Exploits 1 | References 3
Vulnrichment
added 2025/01/24 4:30 p.m. | 3 views

CVE-2025-22609 Coolify Vulnerable to Private Key Hijacking / Remote Command Execution (RCE)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to attach any existing private key on a coolify instance to his own server. If the server configuration of I...

CVSS 10 | AI score 9.7 | EPSS 0.00723
Exploits 1 | References 1
Cvelist
added 2025/01/24 4:30 p.m. | 23 views

CVE-2025-22609 Coolify Vulnerable to Private Key Hijacking / Remote Command Execution (RCE)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to attach any existing private key on a coolify instance to his own server. If the server configuration of I...

CVSS 10 | EPSS 0.00723
Exploits 1 | References 1
CVE
added 2025/01/24 4:30 p.m. | 65 views

CVE-2025-22609

Coolify (open-source self-hosted) is affected for all versions prior to 4.0.0-beta.361. The issue is a missing authorization that allows any authenticated user to attach an existing private key from a Coolify instance to their own server. If the attacker’s target server configuration (IP/domain, ...

CVSS 10 | AI score 9.7 | EPSS 0.00723
Exploits 1 | References 1 | Affected Software 1
OSV
added 2025/01/24 4:30 p.m. | 6 views

CVE-2025-22609 Coolify Vulnerable to Private Key Hijacking / Remote Command Execution (RCE)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to attach any existing private key on a coolify instance to his own server. If the server configuration of I...

CVSS 10 | AI score 7.4 | EPSS 0.00723
Exploits 1 | References 3