Lucene search

1614 matches found

Positive Technologies
added 2025/12/11 12:0 a.m. | 4 views

PT-2025-50748

Name of the Vulnerable Software and Affected Versions: FreePBX version 16. Description: FreePBX version 16 contains an authenticated remote code execution issue in the API module. An attacker with valid session credentials can execute arbitrary commands. The issue is exploitable through the...

CVSS 8.8 | AI score 8.1 | EPSS 0.0093
Exploits: 1 | References: 6
CNNVD
added 2025/12/11 12:0 a.m. | 1 views

Siklu MultiHaul TG Series Access Control Error Vulnerability

The Siklu MultiHaul TG Series is a series of wireless transmission devices from Siklu designed to provide a reliable high-speed data transmission solution specifically suited for fixed wireless access and connectivity needs in dense urban environments. An Access Control Error vulnerability exists...

CVSS 8.7 | AI score 6.7 | EPSS 0.00301
Exploits: 0 | References: 3
CNNVD
added 2025/12/11 12:0 a.m. | 3 views

FreePBX Operating System Command Injection Vulnerability

FreePBX, formerly known as Asterisk Management Portal, is a suite of tools from the FreePBX project for configuring Asterisk, an IP telephony system, via a web-based graphical interface (GUI). An operating system command injection vulnerability exists in FreePBX version 16, which stems from remote code...

CVSS 8.8 | AI score 8.5 | EPSS 0.0093
Exploits: 1 | References: 4
Vulnrichment
added 2025/12/10 9:14 p.m. | 2 views

CVE-2024-58282 Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload

Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables...

CVSS 8.6 | AI score 8 | EPSS 0.00377
Exploits: 1 | References: 4
Packet Storm
added 2025/12/10 12:0 a.m. | 117 views

Zimbra Collaboration Suite Postjournal 10.1.0 Remote Code Execution

Proof of concept for a critical vulnerability in the Zimbra Collaboration Suite (ZCS) PostJournal service that allows attackers to execute arbitrary system commands without authentication. Version 10.1.0 is affected...

AI score 7.7
Exploits: 0
GithubExploit
added 2025/12/03 1:52 p.m. | 130 views

Vegeta_Vuln_lab

VegetaVulnlab Overview This lab focuses on core penetrati...

AI score 7.6
Exploits: 0
OSV
added 2025/11/26 6:15 p.m. | 2 views

CVE-2025-2486

The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based...

CVSS 8.8 | AI score 6.9
Exploits: 0 | References: 1
OSV
added 2025/11/26 6:15 p.m. | 0 views

UBUNTU-CVE-2025-2486

The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based...

CVSS 8.8 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 2
CNNVD
added 2025/11/26 12:0 a.m. | 1 views

Ubuntu EDK2 Security Vulnerability

Ubuntu EDK2 is an open source firmware development kit for Ubuntu. A security vulnerability exists in Ubuntu edk2 that stems from the Secure Boot environment that allows access to the UEFI Shell, which could lead to Secure Boot constraints being bypassed...

CVSS 8.8 | AI score 6.4 | EPSS 0.00018
Exploits: 0 | References: 2
RedhatCVE
added 2025/11/19 5:20 p.m. | 4 views

CVE-2025-59669

A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service and access its data...

CVSS 5.5 | AI score 6.8 | EPSS 0.00017
Exploits: 0 | References: 1
Cvelist
added 2025/11/18 5:1 p.m. | 3 views

CVE-2025-59669

A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service and access its data...

CVSS 5.3 | EPSS 0.00017
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/18 5:1 p.m. | 3 views

CVE-2025-59669

A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service and access its data...

CVSS 5.3 | AI score 6.4 | EPSS 0.00017
Exploits: 0 | References: 1
EUVD
added 2025/11/18 5:1 p.m. | 4 views

EUVD-2025-198011

A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service and access its data...

CVSS 5.3 | AI score 6.3 | EPSS 0.00017
Exploits: 0 | References: 2
CNVD
added 2025/11/10 12:0 a.m. | 3 views

Dell CloudLink Command Execution Vulnerability (CNVD-2025-28523)

Dell CloudLink is a data encryption and key management system from Dell USA. A command execution vulnerability exists in Dell CloudLink, which can be exploited by an attacker to gain shell access to the system...

CVSS 8.4 | AI score 7.3 | EPSS 0.00076
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/07 1:46 p.m. | 2 views

CVE-2025-45379

Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system...

CVSS 8.4 | AI score 7.7 | EPSS 0.00076
Exploits: 0 | References: 1
OSV
added 2025/11/05 5:15 p.m. | 2 views

CVE-2025-45379

Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system...

CVSS 8.4 | AI score 5.8
Exploits: 0 | References: 1
NVD
added 2025/11/05 5:15 p.m. | 4 views

CVE-2025-45379

Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system...

CVSS 8.4 | EPSS 0.00076
Exploits: 0 | References: 1
Cvelist
added 2025/11/05 4:31 p.m. | 4 views

CVE-2025-45379

Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system...

CVSS 8.4 | EPSS 0.00076
Exploits: 0 | References: 1
CVE
added 2025/11/05 4:31 p.m. | 6 views

CVE-2025-45379

Dell CloudLink is a data encryption and key management product. CVE-2025-45379 describes a command execution vulnerability where a privileged user with a known password can perform a command injection from the console to gain shell access. Affected versions are prior to 8.2. The issue is describe...

CVSS 8.4 | AI score 7.3 | EPSS 0.00076
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2025/11/05 4:31 p.m. | 2 views

EUVD-2025-37886

Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system...

CVSS 8.4 | AI score 7.1 | EPSS 0.00076
Exploits: 0 | References: 2