313 matches found
Flexsense DiskBoss Buffer Error Vulnerability
Flexsense DiskBoss is a disk management tool from Flexsense USA. A buffer error vulnerability exists in Flexsense DiskBoss version 7.7.14, which stems from a local buffer overflow in the Input Directory component, which could allow an unauthenticated attacker to execute arbitrary code...
CVE-2025-66572
Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...
CVE-2025-66576 Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)
Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution...
CVE-2025-66572 Loaded Commerce 6.6 Client-Side Template Injection (CSTI)
Loaded Commerce 6.6 contains a client-side template injection vulnerability via the search parameter that allows unauthenticated attackers to execute arbitrary code in the victim's browser context when they visit a crafted URL...
Remotecontrolio Remote Keyboard Desktop OS Command Injection Vulnerability
Remotecontrolio Remote Keyboard Desktop is a remote control application from Remotecontrolio. An operating system command injection vulnerability exists in Remotecontrolio Remote Keyboard Desktop version 1.0.1, which stems from a flaw in the rundll32.exe export function that could lead to...
PT-2025-49152
Name of the Vulnerable Software and Affected Versions: Remote Keyboard Desktop version 1.0.1. Description: The software allows remote attackers to execute system commands. This is possible through the rundll32.exe exported function export, leading to unauthenticated code execution. Recommendations: A...
PT-2025-49140
Name of the Vulnerable Software and Affected Versions: Loaded Commerce version 6.6. Description: Loaded Commerce version 6.6 has a client-side template injection issue. This allows unauthenticated attackers to execute code on the server through the search parameter. The issue allows for code...
CVE-2024-32641 Masa CMS Vulnerable to Pre-Auth RCE via JSON API
Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to remote code execution. The vulnerability exists in the addParam function, which accepts user input via the criteria parameter. This input is subsequently...
Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager
F5 BIG-IP CVE-2023-46747 - Unauthenticated RCE + Auto Reverse...
PT-2025-48031
Name of the Vulnerable Software and Affected Versions: mJobtime version 15.7.2. Description: The software handles authorization on the client side, allowing an attacker to modify the client-side code and gain access to administrative features. Attackers can craft requests based on the modified...
PT-2025-48032
Name of the Vulnerable Software and Affected Versions: mJobtime version 15.7.2. Description: A blind SQL injection (SQLi) issue exists in mJobtime version 15.7.2. An unauthenticated attacker can execute arbitrary SQL statements by sending a specially crafted POST request to the /Default.aspx/update...
PT-2025-47527
Name of the Vulnerable Software and Affected Versions: D-Link Router DIR-868L version FW106KRb01. Description: The D-Link Router DIR-868L version FW106KRb01 contains a remote code execution issue in the cgibin binary. The HNAP service within cgibin does not properly filter the HTTP SOAPAction header...
PT-2025-46663
Name of the Vulnerable Software and Affected Versions: N-central Software Probe versions prior to 2025.4. Description: The N-central Software Probe is susceptible to remote code execution through deserialization. No authentication is required for exploitation. Recommendations: Update to a version of...
WatchGuard Firebox Out-of-Bounds Write Vulnerability
WatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code...
CVE-2022-50589
SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code...
PT-2025-45096
Name of the Vulnerable Software and Affected Versions: BMC Control-M/Agent (affected versions not specified). Description: The Control-M/Agent is susceptible to unauthenticated remote code execution, arbitrary file read and write, and other unauthorized actions when mutual SSL/TLS authentication is no...
Vulnerability fixed in WatchGuard Fireware OS
WatchGuard has fixed a vulnerability in Fireware OS that is specific to certain VPN configurations. The vulnerability is an out-of-bounds write in Fireware OS, which allows a malicious, unauthenticated attacker to execute arbitrary code. This could lead to serious consequences for affected...
CVE-2025-34513
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbusbuildfromcsv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...
CVE-2025-34512
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 t...