TOTOLINK X5000R 操作系统命令注入漏洞

TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. An OS command injection vulnerability exists in TOTOLINK X5000R version 9.1.0cu.2089B20211224, which stems from incorrect operation of the parameter User in the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user, which could...

CVE-2025-56092

OS Command Injection vulnerability in Ruijie X30 PRO V1 X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

CVE-2025-56107

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submitwifi in file /usr/lib/lua/luci/controller/admin/commonquickconfig.lua...

EUVD-2025-202723

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the networksetwanconf in file /usr/lib/lua/luci/controller/admin/netport.lua...

CVE-2025-56130

OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH3.01B11P230 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleupdate in file /usr/local/lua/devconfig/acesw.lua...

CVE-2025-56089

OS Command Injection vulnerability in Ruijie M18 EW3.01B11P226M1810223116 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

CVE-2025-56090

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

CVE-2025-56086

OS Command Injection vulnerability in Ruijie RG-EW1200 EW3.01B11P227EW120011130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

EUVD-2025-202751

OS Command Injection vulnerability in Ruijie RG-RAP2200E 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

PT-2025-50652

Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR600W affected versions not specified Description An issue exists in Ruijie RG-BCR600W that allows attackers to execute arbitrary commands. This is due to an OS Command Injection flaw triggered by a crafted POST request to the chec...

CVE-2025-56088

CVE-2025-56088 affects Ruijie RG-BCR RG-BCR860. The vulnerability is an OS command injection caused by unvalidated input in the action_service endpoint at /usr/lib/lua/luci/controller/admin/service.lua, exploitable via a crafted POST request. Impact as described: arbitrary command execution with ...

PT-2025-50683

Name of the Vulnerable Software and Affected Versions Ruijie X30-PRO version X30-PRO-V1 09241521 Description An issue exists in Ruijie X30-PRO version X30-PRO-V1 09241521 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the module set paramet...

CVE-2025-56129

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the actiondiagnosis in file /usr/lib/lua/luci/controller/admin/diagnosis.lua...

CVE-2025-56089

OS Command Injection vulnerability in Ruijie M18 EW3.01B11P226M1810223116 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

CVE-2025-56083

CVE-2025-56083 affects Ruijie X30-PRO with version X30-PRO-V1_09241521. The vulnerability is an OS Command Injection in the Lua file path /usr/local/lua/dev_sta/nbr_networkId_merge.lua, where unvalidated input to the module_set parameter can allow an attacker to execute arbitrary commands via a c...

Pretty Mail by FriendsOfFlarum 安全漏洞

Pretty Mail by FriendsOfFlarum is an open source tool from Friends of Flarum that allows you to make custom html templates for emails. A security vulnerability exists in Pretty Mail by FriendsOfFlarum version 1.1.2, which stems from a server-side template injection in an email template that could...

PT-2025-50662

Name of the Vulnerable Software and Affected Versions Ruijie X30 PRO V1 X30-PRO-V1 09241521 Description An issue exists in Ruijie X30 PRO V1 X30-PRO-V1 09241521 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the module get function within t...

PT-2025-50675

Name of the Vulnerable Software and Affected Versions Ruijie RG-EW1800GX version B11P226 EW1800GX 10223121 Description An issue exists in Ruijie RG-EW1800GX version B11P226 EW1800GX 10223121 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to th...

PT-2025-50680

Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR RG-BCR860 affected versions not specified Description An issue exists that allows attackers to execute arbitrary commands. This can be achieved by sending a specially crafted POST request to the...

CVE-2025-53949

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated...