Lucene search

7629 matches found

CNNVD
added 2025/09/12 12:0 a.m. | 3 views

Wavlink WL-WN578W2 Command Injection Vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which stems from the parameters pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled of the function...

CVSS 9.8 | AI score 7.7 | EPSS 0.08082
Exploits: 1 | References: 5
CNNVD
added 2025/09/12 12:0 a.m. | 3 views

Wavlink WL-WN578W2 Command Injection Vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter ipaddr in the sub401340 function of the file /cgi-bin/login.cgi that fails to correctly filter the constructor...

CVSS 8.8 | AI score 7.7 | EPSS 0.06789
Exploits: 1 | References: 6
Positive Technologies
added 2025/09/12 12:0 a.m. | 3 views

PT-2025-37300

Name of the Vulnerable Software and Affected Versions: Digiever NVR (affected versions not specified). Description: Certain models of NVR developed by Digiever have an OS Command Injection vulnerability. This allows remote attackers to inject arbitrary OS commands and execute them on the device. Som...

CVSS 8.8 | AI score 7.3 | EPSS 0.01144
Exploits: 0 | References: 15
CNVD
added 2025/09/11 12:0 a.m. | 2 views

Fortinet FortiDDoS-F Operating System Command Injection Vulnerability

Fortinet FortiDDoS-F is a distributed denial-of-service protection system from the U.S. company Fiat Fortinet. Fortinet FortiDDoS-F suffers from an operating system command injection vulnerability that stems from improper neutralization of special elements, which can be exploited by an attacker t...

CVSS 6.7 | AI score 8.2 | EPSS 0.00479
Exploits: 0 | References: 1
CNVD
added 2025/09/11 12:0 a.m. | 1 views

SAP NetWeaver Deserialization Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform mainly provides a development and runtime environment for SAP applications. A deserialization vulnerability exists in SAP NetWeaver, which arises from unsafe deserialization of...

CVSS 10 | AI score 7.5 | EPSS 0.02882
Exploits: 1 | References: 1
CNVD
added 2025/09/11 12:0 a.m. | 3 views

D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23471)

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability due to a flaw in the sub415028 function in the goform/setsticleases file. An attacker can exploit the vulnerability to execute arbitrary commands on the system...

CVSS 9.8 | AI score 8.3 | EPSS 0.03986
Exploits: 1 | References: 1
Cvelist
added 2025/09/10 12:0 a.m. | 9 views

CVE-2025-56413

OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint...

EPSS 0.0123
Exploits: 0 | References: 2
Tenable Nessus
added 2025/09/10 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2014-2886

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GKSu 2.0.2, when sudo-mode is not enabled, uses double quote characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in...

CVSS 6.8 | AI score 6 | EPSS 0.02193
Exploits: 1 | References: 2
Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-28940

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Because of an incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add an extra command to the curl binary...

CVSS 9.8 | AI score 8.6 | EPSS 0.03299
Exploits: 1 | References: 2
Rosalinux
added 2025/09/09 10:19 a.m. | 4 views

Advisory ROSA-SA-2025-2971

software: less 608; WASP: ROSA-CHROME; unaffected versions = less-608-3; affected versions less-608-3; CVE-ID: CVE-2024-32487; BDU-ID: 2024-03717; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the UNIX-like UNIX text terminal utility Less is related to incorrect handling of quotation marks in the...

CVSS 8.6 | AI score 7.9 | EPSS 0.00628
Exploits: 0
CNNVD
added 2025/09/09 12:0 a.m. | 3 views

D-Link DIR-823X Command Injection Vulnerability

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability due to a flaw in the sub415028 function in the goform/setsticleases file. An attacker can exploit the vulnerability to execute arbitrary commands on the system...

CVSS 9.8 | AI score 8.2 | EPSS 0.03986
Exploits: 1 | References: 6
CNNVD
added 2025/09/08 12:0 a.m. | 1 views

MCP inspector Security Vulnerability

MCP inspector is a development tool for debugging MCP servers. A security vulnerability exists in MCP inspector versions prior to 0.16.6 that stems from a cross-site scripting attack that could lead to arbitrary command execution...

CVSS 8.6 | AI score 6.2 | EPSS 0.00627
Exploits: 0 | References: 3
Positive Technologies
added 2025/09/08 12:0 a.m. | 2 views

PT-2025-36620

An XSS issue was reported in the MCP Inspector local development tool when connecting to an untrusted remote MCP server with a malicious redirect URI. This could be leveraged to interact directly with the inspector proxy to trigger arbitrary command execution. Users are advised to update to 0.16....

CVSS 8.6 | AI score 6.5
Exploits: 0 | References: 4
RedhatCVE
added 2025/09/04 12:28 a.m. | 3 views

CVE-2025-50755

Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the setsyscmd function via the command parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVSS 6.5 | AI score 8.3 | EPSS 0.01084
Exploits: 1 | References: 1
OSV
added 2025/09/02 3:15 p.m. | 4 views

CVE-2025-50757

Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the setsysadm function via the username parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVSS 6.5 | AI score 6.1 | EPSS 0.01845
Exploits: 1 | References: 1
CVE
added 2025/09/02 12:0 a.m. | 13 views

CVE-2025-50755

The CVE-2025-50755 entry concerns the Wavlink WN535K3 router (firmware version 20191010). A command injection flaw exists in the set_sys_cmd function via the command parameter, enabling attackers to execute arbitrary commands through a crafted request. The issue is treated across multiple feeds (...

CVSS 6.5 | AI score 7.8 | EPSS 0.01084
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2025/09/02 12:0 a.m. | 1 views

SonarQube Server Command Injection Vulnerability

SonarQube Server is a code quality and security auditing platform from Sonar UK. A command injection vulnerability exists in SonarQube Server versions 4 through 5.3.0, which stems from SonarQube Scan GitHub Action command injection and could lead to the execution of arbitrary commands...

CVSS 7.8 | AI score 7.5 | EPSS 0.01123
Exploits: 0 | References: 7
CNNVD
added 2025/09/02 12:0 a.m. | 2 views

WAVLINK WN535K3 Security Vulnerability

WAVLINK WN535K3 is a wireless router from China Ruiyin WAVLINK. A security vulnerability exists in the Wavlink WN535K3 version 20191010, which stems from the improper handling of the username parameter in the setsysadm function, which could lead to the execution of arbitrary commands...

CVSS 6.5 | AI score 6.9 | EPSS 0.01845
Exploits: 1 | References: 3
CNVD
added 2025/09/02 12:0 a.m. | 1 views

TRENDnet TV-IP410 Command Injection Vulnerability

TRENDnet TV-IP410 is an Internet TV from TRENDnet. The TRENDnet TV-IP410 suffers from a command injection vulnerability that stems from misuse of the parameter DeviceURL in the file uapply.cgi of the component httpd, which can be exploited by an attacker to cause arbitrary command execution...

CVSS 9.8 | AI score 5.9 | EPSS 0.01148
Exploits: 0
EUVD
added 2025/09/02 12:0 a.m. | 3 views

EUVD-2025-26404

Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the setsysadm function via the username parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVSS 6.5 | AI score 7.6 | EPSS 0.01845
Exploits: 1 | References: 1