773 matches found
CVE-2025-34163
Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via a crafted multipart/form-data POST reques...
CVE-2019-12593
creationtimestamp| type| source
---|---|---
2025-08-20 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-08-20
2025-08-20 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-08-20
2026-06-08 00:00:00+00:00| exploited| The Shadowserver...
CVE-2023-34105
creationtimestamp| type| source
---|---|---
2025-08-17 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-08-17
2025-08-19 21:02:31+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lwrsq2jwkz2c
2025-10-16 00:00:00+00:00| seen| The Shadowserver...
CVE-2018-13307
creationtimestamp| type| source
---|---|---
2025-08-12 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-08-12
2025-08-25 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-08-25
2025-12-05 00:00:00+00:00| seen| The Shadowserver...
VulnCheck KEV: CVE-2025-34068
An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are...
CVE-2020-35580
creationtimestamp| type| source
---|---|---
2025-07-14 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-07-14
2026-06-07 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2026-06-07...
CVE-2014-1677
creationtimestamp| type| source
---|---|---
2025-07-02 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-07-02
2025-07-03 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-07-03
2025-07-04 00:00:00+00:00| seen| The Shadowserver...
VulnCheck KEV: CVE-2025-34059
An SQL injection vulnerability exists in the Dahua Smart Cloud Gateway Registration Management Platform via the username parameter in the /index.php/User/doLogin endpoint. The application fails to properly sanitize user input, allowing unauthenticated attackers to inject arbitrary SQL statements...
CVE-2025-34044
A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...
VulnCheck KEV: CVE-2025-34048
A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN1.02, SEA1.04, and SEA1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI...
VulnCheck KEV: CVE-2025-34044
A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...
CVE-2025-34031
A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the file_get_contents function without proper validation, allowing attackers to read arbitrary files from the server's filesystem ...
VulnCheck KEV: CVE-2025-34033
An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded Linux devices via the pingaddr parameter in the webctrl.cgi script. The application fails to properly sanitize input before passing it to the system-level ping command. An authenticated attacker can...
VulnCheck KEV: CVE-2025-34034
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege...
CVE-2025-34024
An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacter...
CVE-2025-34029
An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell...
CVE-2025-25038
An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to...
CVE-2021-24442
creationtimestamp| type| source
---|---|---
2025-06-06 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-06-06
2025-06-07 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-06-07
2025-06-08 00:00:00+00:00| seen| The Shadowserver...
CVE-2020-10548
creationtimestamp| type| source
---|---|---
2025-06-04 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-06-04
2025-06-06 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-06-06
2026-03-17 00:00:00+00:00| exploited| The...
CVE-2023-34659
creationtimestamp| type| source
---|---|---
2025-05-30 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-05-30
2025-07-07 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-07-07
2025-11-09 00:00:00+00:00| exploited| The...