
7629 matches found

Positive Technologies
added 2025/09/25 12:0 a.m. | 3 views

PT-2025-39447

Name of the Vulnerable Software and Affected Versions: Affected versions not specified. Description: This issue allows attackers to execute arbitrary commands on the underlying system. Successful exploitation grants full control over the device due to the web portal running with root privileges,...

CVSS 8.4 | AI score 7.2 | EPSS 0.00225
Exploits 0 | References 6
Positive Technologies
added 2025/09/25 12:0 a.m. | 5 views

PT-2025-39445

Name of the Vulnerable Software and Affected Versions: Zenitel ICX500 and ICX510 Gateway, affected versions not specified. Description: This issue allows attackers to execute arbitrary commands on the underlying system, potentially gaining shell access. Successful exploitation can compromise the...

CVSS 8.4 | AI score 7.1 | EPSS 0.00245
Exploits 0 | References 6
CNNVD
added 2025/09/24 12:0 a.m. | 2 views

Cisco IOS XE command injection vulnerability

Cisco IOS XE is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. Cisco IOS XE suffers from a command injection vulnerability that stems from insufficie...

CVSS 8.8 | AI score 7.4 | EPSS 0.00458
Exploits 0 | References 3
OSV
added 2025/09/22 6:15 p.m. | 3 views

CVE-2025-57439

Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then executed on the server. This allows full system compromise, including reverse...

CVSS 8.8 | AI score 6.3 | EPSS 0.00754
Exploits 1 | References 2
CNNVD
added 2025/09/22 12:0 a.m. | 2 views

D-Link DIR-823X command injection vulnerability

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability due to a flaw in the /usr/sbin/goahead file. An attacker can exploit this vulnerability to execute arbitrary commands on the system...

CVSS 8.8 | AI score 8.1 | EPSS 0.06115
Exploits 1 | References 6
RedhatCVE
added 2025/09/21 12:11 a.m. | 14 views

CVE-2025-57296

Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the sub_ADBC0 helper function concatenates these user-supplied values into...

CVSS 6.5 | AI score 8.2 | EPSS 0.03316
Exploits 1 | References 1
RedhatCVE
added 2025/09/20 12:30 a.m. | 10 views

CVE-2025-57293

A command injection vulnerability in COMFAST CF-XR11 firmware V2.7.2 exists in the multipppoe API, processed by the sub423930 function in /usr/bin/webmgnt. The phyinterface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST request to...

CVSS 8.8 | AI score 7.8 | EPSS 0.01679
Exploits 1 | References 1
Positive Technologies
added 2025/09/19 12:0 a.m. | 1 view

PT-2025-38640

CVE-2025-59670 - Adobe Flash Arbitrary Command Execution Vulnerability. CVE ID: CVE-2025-59670. Published: Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products,...

AI score 6.6
Exploits 0 | References 1
CVE
added 2025/09/19 12:0 a.m. | 27 views

CVE-2025-57296

The CVE-2025-57296 entry concerns Tenda AC6 router firmware 15.03.05.19. The formSetIptv function handles /goform/SetIPTVCfg requests and, when processing list and vlanId, uses a sub_ADBC0 helper that concatenates user-supplied values into nvram set system commands via doSystemCmd without validat...

CVSS 6.5 | AI score 7.8 | EPSS 0.03316
In wild | Exploits 1 | References 3 | Affected Software 1
RedhatCVE
added 2025/09/18 10:28 p.m. | 13 views

CVE-2025-37126

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as...

CVSS 7.2 | AI score 7.6 | EPSS 0.00599
Exploits 0 | References 1
SUSE Linux
added 2025/09/18 11:9 a.m. | 3 views

Security update for bluez

This update for bluez fixes the following issues: CVE-2023-45866: keystroke injection and arbitrary command execution via HID device connections bsc1217877. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

CVSS 6.3 | AI score 7.3 | EPSS 0.07879
Exploits 7 | References 4
OSV
added 2025/09/18 11:9 a.m. | 1 view

SUSE-SU-2025:03269-1 Security update for bluez

This update for bluez fixes the following issues: - CVE-2023-45866: keystroke injection and arbitrary command execution via HID device connections bsc1217877...

CVSS 6.3 | AI score 7.7 | EPSS 0.07879
Exploits 7 | References 3
CNVD
added 2025/09/18 12:0 a.m. | 2 views

TOTOLINK X6000R sub_417D74 function command injection vulnerability

TOTOLINK X6000R is a wireless router supporting Wi-Fi 6 technology from China's Gion Electronics TOTOLINK, focusing on high concurrent connections and dual-band transmission capabilities. The TOTOLINK X6000R suffers from a command injection vulnerability that stems from the failure to properly...

CVSS 9.8 | AI score 7.8 | EPSS 0.04374
Exploits 1 | References 1
Cvelist
added 2025/09/16 10:22 p.m. | 10 views

CVE-2025-37127 Authenticated Replay Attack contains Cryptographic Vulnerability

A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system, potentially...

CVSS 7.2 | EPSS 0.00127
Exploits 0 | References 1
CVE
added 2025/09/16 10:19 p.m. | 13 views

CVE-2025-37126

CVE-2025-37126 affects HPE Aruba Networking EdgeConnect SD-WAN Gateways via the Command Line Interface. The vulnerability allows remote authenticated users to execute arbitrary commands with root privileges, enabling full OS compromise. Multiple connected sources corroborate authenticated remote ...

CVSS 7.2 | AI score 7.3 | EPSS 0.00599
Exploits 0 | References 1
CNNVD
added 2025/09/16 12:0 a.m. | 1 view

Hewlett Packard Enterprise EdgeConnect SD-WAN security vulnerability

Hewlett Packard Enterprise EdgeConnect SD-WAN is Hewlett Packard Enterprise's secure network foundation for Zero Trust and SASE. It includes best-in-class SD-WAN and next-generation firewalls that deliver unrivaled quality of experience and advanced security. A security vulnerability exists in...

CVSS 6.7 | AI score 7 | EPSS 0.00202
Exploits 0 | References 2
CNVD
added 2025/09/16 12:0 a.m. | 3 views

Wavlink WL-WN578W2 sub_409184 Command Injection Vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter selEncrypTyp of the function sub_409184 in the file /wizardrep.shtml that fails to correctly filter the constructor...

CVSS 9.8 | AI score 7.8 | EPSS 0.08082
Exploits 1 | References 1
CNVD
added 2025/09/16 12:0 a.m. | 2 views

Wavlink WL-WN578W2 sub_401340 function command injection vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter ipaddr in the sub_401340 function of the file /cgi-bin/login.cgi that fails to correctly filter the constructor...

CVSS 8.8 | AI score 6.9 | EPSS 0.06789
Exploits 1 | References 1
CNNVD
added 2025/09/15 12:0 a.m. | 2 views

TOTOLINK X6000R security vulnerability

TOTOLINK X6000R is a wireless router supporting Wi-Fi 6 technology from China's Gion Electronics TOTOLINK, focusing on high concurrent connections and dual-band transmission capabilities. The TOTOLINK X6000R suffers from a command injection vulnerability that stems from the failure to properly...

CVSS 9.8 | AI score 7.8 | EPSS 0.04374
Exploits 1 | References 3
CNNVD
added 2025/09/14 12:0 a.m. | 2 views

D-Link DIR-823X command injection vulnerability

The D-Link DIR-823X is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-823x 250416 and prior versions, which stems from the failure to properly filter constructed command special characters, commands, etc. in the parameter targetaddr in the fi...

CVSS 8.8 | AI score 7.8 | EPSS 0.0815
Exploits 1 | References 6