
19616 matches found

Positive Technologies
added 2025/01/24 12:0 a.m., 5 views

PT-2025-4597 · Coolify · Coolify

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.361. Description: The issue allows any authenticated user to escalate their or other team members' privileges to any role, including the owner role. This also enables the attacker to kick every other member...

CVSS: 9.9, AI score: 7.6, EPSS: 0.00473
Exploits: 1, References: 11

Tenable Nessus
added 2025/01/24 12:0 a.m., 39 views

SonicWall SMA 1000 Series < 12.4.3-02854 Pre-authentication Remote Command Execution (SNWLID-2025-0002)

The remote host is a SonicWall SMA 1000 Series device that may be affected by a pre-authentication remote command execution vulnerability: - Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console AMC and Central Managemen...

CVSS: 9.8, AI score: 9.2, EPSS: 0.2236
Exploits: 1, References: 2

CNNVD
added 2025/01/24 12:0 a.m., 4 views

Coolify Security Vulnerability

Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. coolLabs Coolify suffers from a remote command execution vulnerability that can be exploited by an attacker to execute arbitrary commands on a victim's server...

CVSS: 10, AI score: 7.8, EPSS: 0.00723
Exploits: 1, References: 2

Positive Technologies
added 2025/01/24 12:0 a.m., 5 views

PT-2025-4598 · Coolify · Coolify

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.374. Description: The issue allows an authenticated user to retrieve any existing private keys on a Coolify instance in plain text due to missing authorization. If the server configuration of IP/domain, por...

CVSS: 10, AI score: 7.8, EPSS: 0.00597
Exploits: 1, References: 12

BDU FSTEC
added 2025/01/24 12:0 a.m., 4 views

The vulnerability of the sub_422eb8 function in Linksys E8450 Wi-Fi router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the sub_422eb8 function in Linksys E8450 Wi-Fi routers’ microprogramming software is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS: 8.8, AI score: 5.9, EPSS: 0.01729
Exploits: 1, References: 3, Affected Software: 1

BDU FSTEC
added 2025/01/24 12:0 a.m., 4 views

The vulnerability of the kubelet utility, a management tool for clusters of virtual machines in Kubernetes, for Windows operating systems allows a hacker to execute arbitrary commands.

The vulnerability of the kubelet utility in the Kubernetes cluster management software for Windows operating systems is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS: 6.6, AI score: 7, EPSS: 0.01394
Exploits: 0, References: 7, Affected Software: 2

CISA KEV Catalog
added 2025/01/24 12:0 a.m., 27 views

SonicWall SMA1000 Appliances Deserialization Vulnerability

SonicWall SMA1000 Appliance Management Console AMC and Central Management Console CMC contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands...

CVSS: 9.8, AI score: 7.8, EPSS: 0.2236
In wild, Exploits: 1

NCSC
added 2025/01/23 1:50 p.m., 10 views

Vulnerability fixed in SonicWall SMA1000 Appliance

SonicWall has fixed a vulnerability in the SMA1000 Appliance Management Console and Central Management Console. The vulnerability is located in the SMA1000 Appliance Management Console and Central Management Console, which allows remote, unauthenticated attackers to execute arbitrary OS commands...

CVSS: 9.8, AI score: 7.2, EPSS: 0.2236
Exploits: 1, References: 1

OSV
added 2025/01/23 12:15 p.m., 2 views

CVE-2025-23006

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console AMC and Central Management Console CMC, which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands...

CVSS: 9.8, AI score: 7.8, EPSS: 0.2236
Exploits: 1, References: 2

NVD
added 2025/01/23 12:15 p.m., 24 views

CVE-2025-23006

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console AMC and Central Management Console CMC, which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands...

CVSS: 9.8, EPSS: 0.2236
Exploits: 1, References: 2

Cvelist
added 2025/01/23 11:37 a.m., 53 views

CVE-2025-23006

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console AMC and Central Management Console CMC, which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands...

EPSS: 0.2236
Exploits: 1, References: 1

CVE
added 2025/01/23 11:37 a.m., 342 views

CVE-2025-23006

Summary (CVE-2025-23006): SonicWall SMA1000 appliances’ Appliance/Central Management Console suffer a pre-authentication deserialization vulnerability that could allow a remote unauthenticated attacker to execute arbitrary OS commands. Exploitation and CVSS indicate critical risk (AV:N/AC:L/PR:N/...

CVSS: 9.8, AI score: 7.5, EPSS: 0.2236
In wild, Exploits: 1, References: 2, Affected Software: 1

GithubExploit
added 2025/01/23 10:28 a.m., 566 views

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apache Tomcat

CVE-2024-50379-Exploit This repository provides a Python scri...

CVSS: 9.8, AI score: 9.5, EPSS: 0.43663
Exploits: 13

ATTACKERKB
added 2025/01/23 12:0 a.m., 76 views

CVE-2025-23006

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console AMC and Central Management Console CMC, which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. Rece...

CVSS: 9.8, AI score: 7.8, EPSS: 0.2236
In wild, Exploits: 1, References: 3

SonicWall
added 2025/01/22 12:45 p.m., 32 views

SMA1000 Pre-Authentication Remote Command Execution Vulnerability

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console AMC and Central Management Console CMC, which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS...

CVSS: 9.8, AI score: 9.8, EPSS: 0.2236
Exploits: 1

VulnCheck KEV
added 2025/01/22 12:0 a.m., 3 views

VulnCheck KEV: CVE-2025-23006

SonicWall SMA1000 Appliance Management Console AMC and Central Management Console CMC contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands...

CVSS: 9.8, AI score: 7.5, EPSS: 0.2236
Exploits: 1, References: 1

BDU FSTEC
added 2025/01/22 12:0 a.m., 7 views

The vulnerability of the hnap_main function in the D-LINK GO-RT-AC750 router’s software allows a hacker to execute arbitrary commands.

The vulnerability of the hnap_main function in the D-LINK GO-RT-AC750 router’s microprogramming software is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary comman...

CVSS: 10, AI score: 8.4, EPSS: 0.10327
Exploits: 1, References: 3

BDU FSTEC
added 2025/01/22 12:0 a.m., 4 views

The vulnerability of the setVpnAccountCfg function in the microprogramming software for TOTOLINK X5000R allows a perpetrator to execute arbitrary commands.

The vulnerability of the setVpnAccountCfg function in TOTOLINK X5000R router microprogramming software lies in the lack of measures to neutralize special elements used in the operating system’s processing of the limit parameter. Exploiting this vulnerability allows a remote attacker to execute...

CVSS: 10, AI score: 8.3, EPSS: 0.01573
Exploits: 1, References: 3, Affected Software: 1

GithubExploit
added 2025/01/21 9:41 a.m., 680 views

Exploit for Server-Side Request Forgery in Havocframework Havoc

CVE-2024-41570 | Havoc C2 SSRF with RCE | Automated Reverse Sh...

CVSS: 9.8, AI score: 7.1, EPSS: 0.02909
Exploits: 6

BDU FSTEC
added 2025/01/21 12:0 a.m., 5 views

The vulnerability of the graphical interface of the Fortinet FortiManager software, a centralized device management tool, allows a hacker to execute arbitrary commands.

The vulnerability of the graphical interface of the Fortinet FortiManager device management software is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...

CVSS: 9, AI score: 5.9, EPSS: 0.01055
Exploits: 0, References: 3, Affected Software: 2