CVE-2025-55075

Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker...

CVE-2025-55075

CVE-2025-55075 affects I-O DATA WN-7D36QR and WN-7D36QR/UE. A hidden functionality issue may allow a remote authenticated attacker to enable SSH. Impact is that SSH could be enabled remotely (no user interaction required). The issue is exploitable over the network with privileges required as High...

CVE-2025-37127

A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system, potentially...

CVE-2025-37127

CVE-2025-37127 affects HPE Aruba Networking EdgeConnect SD-WAN Gateways. The vulnerability arises from flaws in the cryptographic logic, allowing an authenticated remote attacker to gain shell access and potentially execute arbitrary OS commands, leading to unauthorized control of the affected sy...

CVE-2025-37127 Authenticated Replay Attack contains Cryptographic Vulnerability

A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system, potentially...

CVE-2025-37127 Authenticated Replay Attack contains Cryptographic Vulnerability

A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system, potentially...

PT-2025-38087

Name of the Vulnerable Software and Affected Versions: HPE Aruba Networking EdgeConnect SD-WAN Gateways affected versions not specified Description: A flaw exists in the cryptographic logic of the software that may allow an authenticated remote attacker to gain shell access. Successful exploitati...

CVE-2025-9996

CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session...

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu\/Sl_Firmware

This is a PoC exploit for CVE-2021-36260, a command injection vulnerability in the web server of some Hikvision product. The vulnerability allows an attacker to launch a command injection attack by sending malicious commands to the device. The exploit is implemented in Python and provides several...

PT-2025-36260

Name of the Vulnerable Software and Affected Versions: PTZOptics and ValueHD-based pan-tilt-zoom cameras affected versions not specified Description: PTZOptics and ValueHD-based pan-tilt-zoom cameras utilize hard-coded, default administrative credentials. These credentials can be easily...

CVE-2025-52548

E3 Site Supervisor Control firmware version 2.31F01 contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the...

CVE-2025-36729

A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password. This vulnerability also allows the user to give themselves shell access with the root gid...

CVE-2025-36729

The connected sources confirm CVE-2025-36729 concerns RACOM M!DGE2 devices where a non-primary administrator with web-interface rights (no shell access) can view device configuration, exposing the master admin password, and can escalate to shell access with root gid. The root cause is improper pe...

CVE-2025-25734

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process...

CVE-2025-50753

Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell.The command "deviceinfo show file" is supposed to be used from restricted shell to show files and directories. By providing " /bin/sh" quotes included to the argument of this command will drop a...

Mitrastar GPT-2741GNAC-N2 安全漏洞

Mitrastar GPT-2741GNAC-N2 is a home gateway device from China-based Allied Technology Mitrastar. A security vulnerability exists in the Mitrastar GPT-2741GNAC-N2 that originates from a root shell that can be obtained via specific command parameters...

CVE-2025-36120

IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources...

CVE-2025-36120

CVE-2025-36120 affects IBM Storage Virtualize 8.4–8.7 and can allow an authenticated user to escalate privileges in an SSH session due to incorrect authorization checks when accessing resources. The IBM Security Bulletin details the vulnerability under CWE-863 (Incorrect Authorization) and lists ...

EulerOS 2.0 SP13 : grub2 (EulerOS-SA-2025-1976)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.CVE-2024-49504 Tenable has extracted the preceding...

EulerOS 2.0 SP13 : grub2 (EulerOS-SA-2025-1990)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.CVE-2024-49504 Tenable has extracted the preceding...