Dell CloudLink OS Command Injection Vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. A command execution vulnerability exists in Dell CloudLink, which can be exploited by an attacker to gain shell access to the system...
PT-2025-45136
Name of the Vulnerable Software and Affected Versions: Dell CloudLink versions prior to 8.2. Description: Dell CloudLink versions prior to 8.2 have an issue where a user with necessary privileges and knowledge of the password can execute commands through the console, potentially gaining shell access...
CVE-2025-64348 ELOG configuration file authorization bypass
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not configured to allow...
CVE-2025-11906
A vulnerability exists in Progress Flowmon versions prior to 12.5.6 where certain system configuration files have incorrect file permissions, allowing a user with access to the default flowmon system user account used for SSH access to potentially escalate privileges to root during service...
EUVD-2025-36728
On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges...
PT-2025-44153
Name of the Vulnerable Software and Affected Versions: TropOS 4th Gen (affected versions not specified). Description: An authenticated user with the ability to run user-level shell commands can enable access via secure shell (SSH) to an unrestricted root shell by making minor configuration changes to th...
CVE-2025-59459
An attacker that gains SSH access to an unprivileged account may be able to disrupt services including SSH, causing persistent loss of availability...
Siemens RUGGEDCOM ROS Devices Protection Mechanism Failure (CVE-2025-41224)
The affected products do not properly enforce interface access restrictions when changing from management to non-management interface configurations until a system reboot occurs, despite configuration being saved. This could allow an attacker with network access and credentials to gain access to...
CVE-2025-58428
The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. This could allow the attacker to achieve remote...
CVE-2025-11534
The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials...
CVE-2025-41110
CVE-2025-41110 affects Ghost Robotics Vision 60, specifically APK v0.27.2. The issue arises from an authorization flaw in the ROS 2 stack, permitting connections to the robot’s WiFi and SSH without authentication. Consequences stated across sources include data exposure and full control of the ro...
PT-2025-43061
Name of the Vulnerable Software and Affected Versions: Ghost Robotics Vision 60 version 0.27.2. Description: The Ghost Robotics Vision 60 APK version 0.27.2 contains exposed encrypted WiFi and SSH credentials. An attacker can connect to the robot’s WiFi network and access all its data, as the system...
GHSA-6WH5-MW9H-5C3W Shopware vulnerable to path traversal via Plugin upload
Impact Malicious actors can exploit this vulnerability to write files within arbitrary directories on the filesystem of the Shopware web container. This could allow them to gain persistent shell access by uploading a PHP-shell file to an accessible folder. It is important to note that this...
EUVD-2025-35193
The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials...
CVE-2025-11534 Authentication Bypass Using an Alternate Path or Channel in Raisecomm RAX701-GC Series
The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials...
CVE-2025-11534
The CVE-2025-11534 vulnerability affects Raisecom Raisecomm RAX701-GC-WP-01 devices, where the SSH daemon (a custom Dropbear fork) can bypass authentication via an undocumented auxiliary path (port 2222) and expose a raw command channel, granting unauthenticated root shell access. Exploitation re...
Raisecomm RAX701-GC Series
RISK EVALUATION: Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication and gain unauthenticated root shell access to the affected devices. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of...
Raisecomm RAX701-GC-WP-01 P200R002C52 and Raisecomm RAX701-GC-WP-01 P200R002C53 Security Vulnerability
The Raisecomm RAX701-GC-WP-01 P200R002C52 and the Raisecomm RAX701-GC-WP-01 P200R002C53 are both intelligent network node terminals from the Chinese company Raisecomm. A security vulnerability exists in the Raisecomm RAX701-GC-WP-01 P200R002C52 and the Raisecomm RAX701-GC-WP-01 P200R002C53, which...