Smartbedded Meteobridge Command Injection Vulnerability

Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges root on affected devices...

CVE-2025-35027

Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi...

CVE-2025-35027 Unitree Multiple Robotic Products Command Injection

Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi...

CVE-2025-60017

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapdrestart.sh wifissid or wifipass parameter within restartwifiap and restartwifista...

CVE-2025-60017

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapdrestart.sh wifissid or wifipass parameter within restartwifiap and restartwifista...

CVE-2025-60017

CVE-2025-60017 affects Unitree Go2, G1, H1 and B2 devices through 2025-09-20. The root cause is a command injection in the hostapd_restart.sh flow, triggered by crafted values for wifi_ssid or wifi_pass used by restart_wifi_ap and restart_wifi_sta. This leads to potential root-level command execu...

CVE-2025-60017

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapdrestart.sh wifissid or wifipass parameter within restartwifiap and restartwifista...

CVE-2025-20338

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments th...

CVE-2025-20338

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments th...

CVE-2025-20334

A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. This vulnerability is due to insufficient input validation. An attacker with administrative privileges...

CVE-2025-20338

CVE-2025-20338 affects Cisco IOS XE Software CLI. The root cause is insufficient validation of user-supplied arguments passed to specific CLI commands, allowing an authenticated administrator (level 15) to craft CLI input that can execute arbitrary commands as root on the device. According to Cis...

CVE-2025-20334

Cisco IOS XE Software HTTP API Command Injection vulnerability (CVE-2025-20334) in the HTTP API subsystem allows an attacker to execute commands with root privileges due to insufficient input validation. A remote attacker with administrative privileges can exploit via an API call with crafted inp...

Cisco IOS XE Software CLI Argument Injection Vulnerability

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments th...

PT-2025-39306

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description A flaw exists in the Command Line Interface CLI of Cisco IOS XE Software that could allow a local attacker with administrative privileges to execute arbitrary commands as root o...

PT-2025-39305

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description A flaw exists in the HTTP API subsystem of Cisco IOS XE Software that may allow a remote attacker to inject commands that will execute with root privileges on the underlying...

CVE-2025-37123

A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with root privileges on...

PT-2025-38086

Name of the Vulnerable Software and Affected Versions: HPE Aruba Networking EdgeConnect SD-WAN Gateways affected versions not specified Description: A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run...

CVE-2025-10365 Authentication Bypass in Evertz SDVN

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among...

Linux Distros Unpatched Vulnerability : CVE-2022-42717

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configure...

D-Link DIR-868L 安全漏洞

The D-Link DIR-868L is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-868L B1 FW2.05WWB02 version, which originates from an unauthenticated OS command injection in the fileaccess.cgi component, which could lead to the execution of arbitrary comman...