CVE-2025-40761
CVE-2025-40761 affects multiple Siemens RUGGEDCOM ROX devices (MX5000/MX5000RE, RX1400, RX1500/1501/1510/1511/1512/1524/1536, RX5000). The root cause is improper restriction of access through Built-In-Self-Test (BIST) mode, allowing a physically proximate attacker with serial access to bypass aut...
PT-2025-32658
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM ROX MX5000 (affected versions not specified); RUGGEDCOM ROX MX5000RE (affected versions not specified); RUGGEDCOM ROX RX1400 (affected versions not specified); RUGGEDCOM ROX RX1500 (affected versions not specified); RUGGEDCOM ROX RX1501 affecte...
CVE-2025-48709
BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on,...
CVE-2025-50286
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...
CVE-2013-10069 D-Link Devices Unauthenticated RCE
The web interface of multiple D-Link routers, including DIR-600 rev B ≤2.14b01 and DIR-300 rev B ≤2.13, contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to...
FIRSTNUM JC21A-04 Security Vulnerability
The FIRSTNUM JC21A-04 is a router from the Chinese company FIRSTNUM. A security vulnerability exists in the FIRSTNUM JC21A-04 version 2.01ME/FN and prior versions, which stems from the SSH service being enabled by default and using root/admin credentials...
CVE-2013-10050
An OS command injection vulnerability exists in multiple D-Link routers confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13 via the authenticated toolsvct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid...
CVE-2025-50777
The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera version V1.00.02 contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Once accessed, the device exposes critical data including Wi-Fi credentials and ONVIF service...
PT-2025-31430 · Aziot · Aziot 2Mp Full Hd Smart Wi-Fi Cctv Home Security Camera
Name of the Vulnerable Software and Affected Versions: AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera version V1.00.02. Description: The firmware contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Successful exploitation exposes...
AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera Security Vulnerability
AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera is an indoor smart surveillance device from AZIOT India. A security vulnerability exists in AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera version V1.00.02, which stems from improper access control and could lead to a local attacker...
CVE-2025-29629
Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 uses weak default credentials for secure shell access. This may result in attackers gaining access to exposed Gardyn Home Kits...
CVE-2025-46116
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command !v54! via a management API call and then invoke it t...
PT-2025-29911 · Maxkb · Maxkb
Name of the Vulnerable Software and Affected Versions: MaxKB versions prior to 2.0.0. Description: MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because the software only restricts the execution permissions of files in a...
Google ChromeOS Elevation of Privilege Vulnerability
Google ChromeOS is an operating system from the American company Google. Google ChromeOS suffers from an elevation of privilege vulnerability that originates from debug shell accessibility, which can be exploited by an attacker to access restricted system functions and data via elevation of...
CVE-2025-34075
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issue that allows a guest VM to modify the host’s Vagrantfile via the default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended...
HashiCorp Vagrant has code injection vulnerability through default synced folders
An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant versions 2.4.6 and below when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant or C:\vagrant on Windows. Thi...
CVE-2025-53260
Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Upload a Web Shell to a Web Server. This issue affects File Manager Plugin For Wordpress: from n/a through = 7.5...
SIMCom SIM7600G Modem Undocumented Root Shell Access
The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands. SEC Consult...
CVE-2025-6177 ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked
Privilege Escalation in MiniOS in Google ChromeOS 16063.45.2 and potentially others on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell VT3 console accessible through specific key combinations during developer mode entry and MiniOS access, even whe...