690 matches found
CVE-2025-34152 Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via Time Parameter
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...
CVE-2025-34152 Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via Time Parameter
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...
EUVD-2025-23927
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...
CVE-2025-34152
The CVE-2025-34152 entry concerns the Shenzhen Aitemi M300 Wi‑Fi Repeater (MT02). The vulnerability is an unauthenticated OS command injection exposed via the time parameter of the /protocol.csp? endpoint. Reported impact is remote code execution with root privileges without requiring authenticat...
PT-2025-32277 · Aitemi · Aitemi M300 Wi-Fi Repeater
Name of the Vulnerable Software and Affected Versions: Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 Description: An unauthenticated OS command injection vulnerability exists via the time parameter of the /protocol.csp? API endpoint. The input is processed by the internal date '-s'...
The vulnerability of the setuptools project’s packaging simplification library arises from an incorrect limitation on the path to the restricted-access directory. This allows a malicious actor to compromise the vulnerable system.
The vulnerability of the setuptools project’s packaging simplification library is related to an incorrect restriction on the path name for the restricted access directory. Exploiting this vulnerability could allow a malicious actor to compromise the vulnerable system remotely...
Malicious code in ncftp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4bc7a5d34f3860004cbdbf4f622418fa2383dd3ba5ebff2ed2074a4a13d1b85d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-24489
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller...
CVE-2021-2075
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Samples. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP...
ROS-20250403-08
A vulnerability in the crun open source OCI container runtime environment is related to an insecure reference following in .krunconfig.json. Exploitation of the vulnerability could allow an attacker acting remotely to compromise a vulnerable system...
The vulnerability of the aiohttp HTTP client, related to issues with symbolic links when processing static routes that contain files with compressed variants in the FileResponse class, allows a hacker to compromise the vulnerable system.
The vulnerability of the aiohttp HTTP client is related to problems with symbolic links when processing static routes that contain files with compressed variants in the FileResponse class. Exploiting this vulnerability can allow an attacker to compromise the vulnerable system remotely...
CVE-2024-13086
An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: QTS 5.2.0.2851 build 20240808 and later...
QNAP Systems QTS和QNAP Systems QuTS hero 信息泄露漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are both products of China's Weilian Technology QNAP Systems.QNAP Systems QTS is an entry operating system.QNAP Systems QuTS hero is an operating system. QNAP Systems QTS and QNAP Systems QuTS hero have an information disclosure vulnerability that...
I-net Software HelpDesk 信任管理问题漏洞
I-net Software HelpDesk is a suite of service management helpdesk software from I-net Software, Germany. A trust management issue vulnerability exists in I-net Software HelpDesk versions prior to 3.3.3 that stems from improper certificate validation, which could allow a remote attacker to...
Malicious code in al-schematics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa23abde2f15732ece6a95eca8e1692816abedb8fe470840b8d8fd6c1121f18d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in semaphore-airdrop (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 99b7eadcb670e486e35e76a1c370a0443751d963b957d3e0ddd590e221703079 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in telegramclient-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 544758d4b45ebd5665b1bb9b068290cad56fe4f586df9ae5491321a32733dd26 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
VulnCheck KEV: CVE-2025-21535
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle...
Malicious code in webpack-inline-constant-exports-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb8ae870fad74826ac57af33f27bdbe9e74f667ec62aac01b5c9e55a47d36001 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-4290 · Oracle · Oracle Hyperion Data Relationship Management
Name of the Vulnerable Software and Affected Versions: Oracle Hyperion Data Relationship Management version 11.2.19.0.000 Description: The issue is related to the Web Services component of Oracle Hyperion Data Relationship Management, allowing a high-privileged attacker with network access via HT...