CVE-2025-57200

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the testmail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

CVE-2025-57198

AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine.cgi endpoint. This vulnerability allows attackers to execute arbitrary commands via a crafted input...

PT-2025-48818

Name of the Vulnerable Software and Affected Versions AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 Description The software contains an authenticated command injection issue in the /Machine.cgi API endpoint. Attackers can execute arbitrary commands by providing a crafted input...

PT-2025-48819

Name of the Vulnerable Software and Affected Versions AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 Description The software contains an authenticated command injection flaw in the NetFailDetectD binary. This allows attackers to execute arbitrary commands via a crafted input...

CVE-2025-11786

CVE-2025-11786 affects Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The root cause is in SetUserPassword(): the input parameter newPassword is inserted into a shell command string using sprintf() without sanitisation and then executed with system() . This enables a potential attacker to inject arbitrar...

Improper Neutralization of Special Elements Used in a Template Engine

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the Twig processing feature enabled through page frontmatter. An...

TRENDnet TEW-657BRM Command Injection Vulnerability

The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. The TRENDnet TEW-657BRM suffers from a command injection vulnerability that is caused by a flaw in the setup.cgi binary file. An attacker can exploit this vulnerability to execute arbitrary operating system commands on the system...

CVE-2025-64128

An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could permit attackers to append arbitrary data. This could allow an unauthenticated attacker to inject arbitrary commands...

CVE-2025-64128

CVE-2025-64128 refers to an OS command injection in Zenitel TCIV-3+ caused by incomplete input validation. Public sources in the connected documents identify the affected product as Zenitel TCIV-3+ and indicate that versions prior to 9.3.3.0 are vulnerable (CNNVD). The vulnerability allows an una...

CVE-2025-64127 Zenitel TCIV-3+ OS Command Injection

An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attacker to execute arbitrary commands remotely...

CVE-2025-12472

An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for...

TVT NVMS-9000 安全漏洞

The TVT NVMS-9000 is a digital video recorder from China-based Tongwei TVT. A security vulnerability exists in the TVT NVMS-9000 prior to version 1.3.4, which stems from an OS command injection flaw in the inclusion of hardcoded API credentials and configuration services, which could lead to...

CVE-2025-12121

Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function was used in project directory launching core.lua, drag-and-drop file handling rootview.lua, and the “open i...

CVE-2025-12121

Lite XL versions 2.1.8 and earlier are affected by CVE-2025-12121 due to an unsanitized system.exec usage in core.lua (project directory launching), rootview.lua (drag‑and‑drop handling), and treeview.lua (open in system). This allows arbitrary command execution with the Lite XL process privilege...

CVE-2025-12121 CVE-2025-12121

Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function was used in project directory launching core.lua, drag-and-drop file handling rootview.lua, and the “open i...

TencentOS Server 3: emacs (TSSA-2023:0098)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0098 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVE-2025-12472

An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for...

Google Cloud Looker 安全漏洞

Google Cloud Looker is an online tool from Google USA for transforming data into customizable and informative reports and dashboards. A security vulnerability exists in Google Cloud Looker that stems from the Looker Developer role that can manipulate LookML projects to take advantage of competing...

VulnCheck KEV: CVE-2024-12912

An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information...

HPE Aruba Networking 100 Series Cellular Bridge 安全漏洞

The HPE Aruba Networking 100 Series Cellular Bridge is a 5G/4G mobile network wireless bridge device from HPE America. A security vulnerability exists in the HPE Aruba Networking 100 Series Cellular Bridge that stems from a command injection vulnerability in the command line interface that could...