MyScreenTools 安全漏洞

MyScreenTools is a Windows screen tool by luotengyuan individual developer. A security vulnerability exists in MyScreenTools version v2.2.1.0, which stems from an improperly cleaned file path that could lead to the execution of arbitrary system commands...

PT-2025-47179

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The software contains a flaw related to improper neutralization of special elements used in an OS command, potentially leading to OS command injection. This iss...

GHSA-4M32-CJV7-F425 AstrBot is vulnerable to RCE with hard-coded JWT signing keys

Summary AstrBot uses a hard-coded JWT signing key, allowing attackers to execute arbitrary commands by installing a malicious plugin. Details AstrBot uses a hard-coded JWT signing key, which allows attackers to bypass the authentication mechanism. Once bypassed, the attacker can install a Python...

CVE-2025-60676

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed...

ZOHO ManageEngine Applications Manager Command Injection Vulnerability

ZOHO ManageEngine Applications Manager is a set of IT operation and maintenance management solutions of the United States ZhuoHao ZOHO company. The product has application performance management, fault management, report generation and SLA management and other functions. A command injection...

PT-2025-47033

Name of the Vulnerable Software and Affected Versions AstrBot version 3.5.15 Description The software uses a hard-coded private key, "Advanced System for Text Response and Bot Operations Tool", to sign JSON Web Tokens JWT, which are compact, URL-safe means of representing claims to be transferred...

CVE-2025-60687

An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619B20230130 within the cstecgi.cgi binary sub41EC68 function. The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long. The parameter is the...

TOTOLINK A950RG 安全漏洞

TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK that supports high-speed network connectivity and multi-device management. The TOTOLINK A950RG suffers from a command injection vulnerability that stems from a failure to properly filter construct...

TOTOLINK LR1200GB 安全漏洞

The TOTOLINK LR1200GB is a wireless dual-band 4GLTE router from China's TOTOLINK Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks. The TOTOLINK LR1200GB suffers from a command injection vulnerability that stems from the cstecgi.cgi binary file failing to properly filter...

CVE-2025-60675

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /tmp/newqos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated...

CVE-2024-32011

A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as administrative application use...

NETGEAR RAX30和NETGEAR RAXE300 安全漏洞

NETGEAR RAX30 and NETGEAR RAXE300 are both products of NETGEAR, Inc.NETGEAR RAX30 is a dual-band wireless router.NETGEAR RAXE300 is a wireless router. A security vulnerability exists in the NETGEAR RAX30 and RAXE300 that stems from improper certificate validation in the firmware update logic, whi...

CVE-2025-43079

CVE-2025-43079 concerns Qualys Cloud Agent where the bundled uninstall script qagent_uninstall.sh (Mac/Linux) executes multiple system commands without absolute paths and without sanitizing $PATH. The root cause is reliance on manipulated PATH, enabling a privileged user (root/sudo) with elevated...

CVE-2025-20354

A vulnerability in the Java Remote Method Invocation RMI process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper authentication mechanis...

USN-7859-1: Django vulnerabilities

It was discovered that Django incorrectly handled certain characters in queries. An attacker could possibly use this issue to execute arbitrary SQL commands...

Red Hat Satellite 安全漏洞

Red Hat Satellite is a suite of system management platforms from Red Hat, an American company. The platform can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A security vulnerability exists in Red Hat Satelli...

CVE-2020-36856

Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...

EUVD-2025-37213

Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful exploitatio...

CVE-2024-14008

Nagios XI versions prior to 2024R1.3.2 contain a remote command execution vulnerability in the WinRM Configuration Wizard. Insufficient validation of user-supplied input allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations...

CVE-2024-14008

Nagios XI prior to 2024R1.3.2 is affected by a remote command execution vulnerability in the WinRM Configuration Wizard. The issue stems from insufficient validation of user-supplied input, allowing an authenticated administrator to inject shell metacharacters into backend command invocations, re...