Lucene search

7629 matches found

Redos
added 2025/07/24 12:0 a.m. | 4 views

ROS-20250724-02

A vulnerability in the Cockpit server management system is related to a failure to sanitize data at the management level. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...

CVSS 7.3 | AI score 7.4 | EPSS 0.01181
Exploits 0

BDU FSTEC
added 2025/07/24 12:0 a.m. | 4 views

Vulnerability in the ssdpcgi_main() function (/htdocs/cgibin) of the ssdpcgi component of D-Link DIR-645 router firmware, allowing an attacker to execute arbitrary commands

The vulnerability in the ssdpcgi_main function (/htdocs/cgibin) of the ssdpcgi component in D-Link DIR-645 router firmware is related to a lack of sanitization of incoming data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...

CVSS 6.5 | AI score 6.9 | EPSS 0.0402
Exploits 1 | References 4 | Affected Software 1

OSV
added 2025/07/23 2:15 p.m. | 4 views

CVE-2025-46099

In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php, resulting in arbitrary command execution through a GET parameter...

CVSS 7.2 | AI score 7.4 | EPSS 0.00484
Exploits 1 | References 2

Cvelist
added 2025/07/23 12:0 a.m. | 9 views

CVE-2025-46099

In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php, resulting in arbitrary command execution through a GET parameter...

EPSS 0.00484
Exploits 1 | References 2

NVD
added 2025/07/22 10:15 a.m. | 2 views

CVE-2025-53472

WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in WebGUI. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to WebGUI...

CVSS 8.6 | EPSS 0.01079
Exploits 0 | References 2

Vulnrichment
added 2025/07/21 9:29 a.m. | 6 views

CVE-2025-41675 Remote Command Injection via GET in Cloud Server Communication Script Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command...

CVSS 7.2 | AI score 7.1 | EPSS 0.00569
Exploits 1 | References 1

Cvelist
added 2025/07/21 9:29 a.m. | 6 views

CVE-2025-41673 Remote Command Injection in send_sms Action Due to Improper Input Neutralization

A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command...

CVSS 7.2 | EPSS 0.00569
Exploits 1 | References 1

CNNVD
added 2025/07/21 12:0 a.m. | 2 views

CommScope Ruckus Unleashed Security Vulnerability

CommScope Ruckus Unleashed is a wireless router from CommScope USA. A security vulnerability exists in CommScope Ruckus Unleashed versions prior to 200.15.6.212.14 and 200.17.7.0.139, which stems from insufficient validation of diagnostic API endpoint inputs, and could lead to the execution of...

CVSS 9.1 | AI score 6.8 | EPSS 0.01056
Exploits 1 | References 4

CNNVD
added 2025/07/21 12:0 a.m. | 1 views

CommScope Ruckus Unleashed Security Vulnerability

The CommScope Ruckus Unleashed is a wireless router from CommScope USA. A security vulnerability exists in CommScope Ruckus Unleashed versions prior to 200.15.6.212.14, 200.17.7.0.139, and Ruckus ZoneDirector versions prior to 10.5.1.0.279, which stems from improperly cleaned inputs to hidden deb...

CVSS 9.1 | AI score 6.8 | EPSS 0.00759
Exploits 1 | References 4

CNVD
added 2025/07/21 12:0 a.m. | 2 views

GPT-SoVITS-WebUI Code Issue Vulnerability (CNVD-2025-23582)

GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI that stems from unsafe deserialization processing of processckpt.py when receiving serialized data submitted by a user, which can be exploited by an attacker to execute arbitrary commands on the system...

CVSS 9.8 | AI score 7.8 | EPSS 0.00639
Exploits 1 | References 1

CNVD
added 2025/07/21 12:0 a.m. | 2 views

GPT-SoVITS-WebUI change_label function command injection vulnerability

GPT-SoVITS-WebUI is a TTS training model. A command injection vulnerability exists in the GPT-SoVITS-WebUI change_label function that can be exploited by an attacker to execute arbitrary commands on the system...

CVSS 9.8 | AI score 8.2 | EPSS 0.033
Exploits 1 | References 1

CNVD
added 2025/07/21 12:0 a.m. | 2 views

GPT-SoVITS-WebUI Code Issue Vulnerability

GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI that stems from unsafe deserialization handling of the AudioPreDeEcho class when receiving serialized data submitted by the user, which can be exploited by an attacker to execute arbitrary commands on...

CVSS 9.8 | AI score 7.8 | EPSS 0.00661
Exploits 1 | References 1

Vulnrichment
added 2025/07/21 12:0 a.m. | 3 views

CVE-2025-46122

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint /admin/cmdstat.jsp passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC...

AI score 7.8 | EPSS 0.01056
Exploits 1 | References 2

BDU FSTEC
added 2025/07/21 12:0 a.m. | 3 views

Vulnerability in the graphical interface of Git, a distributed version control system for software development by Microsoft Visual Studio, allows an attacker to execute arbitrary commands.

The vulnerability in the graphical interface of Git, a distributed version control system for software development by Microsoft Visual Studio, exists due to improper neutralization of special elements used in operating system commands. Exploiting this vulnerability could allow a...

CVSS 8.6 | AI score 7.7 | EPSS 0.00261
Exploits 0 | References 6 | Affected Software 4

CNVD
added 2025/07/21 12:0 a.m. | 5 views

GPT-SoVITS-WebUI open_asr function command injection vulnerability

GPT-SoVITS-WebUI is a TTS training model. A command injection vulnerability exists in the GPT-SoVITS-WebUI open_asr function. An attacker can exploit this vulnerability to execute arbitrary commands on the system...

CVSS 9.8 | AI score 8.2 | EPSS 0.03377
Exploits 1 | References 1

RedhatCVE
added 2025/07/17 9:1 p.m. | 9 views

CVE-2025-49835

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py open_asr function. asrinpdir and a number of other variables take user input, which is passed to the open_asr function, which concatenates the...

CVSS 9.8 | AI score 7.9 | EPSS 0.03377
Exploits 1 | References 1

RedhatCVE
added 2025/07/17 9:1 p.m. | 5 views

CVE-2025-49836

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py change_label function. pathlist takes user input, which is passed to the change_label function, which concatenates the user input into a command...

CVSS 9.8 | AI score 7.9 | EPSS 0.033
Exploits 1 | References 1

RedhatCVE
added 2025/07/17 9:1 p.m. | 13 views

CVE-2025-49833

GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is a command injection vulnerability in the webui.py openslice function. sliceoptroot and slice-inp-path take user input, which is passed to the openslice function, which concatenates the use...

CVSS 9.8 | AI score 7.9 | EPSS 0.03372
Exploits 1 | References 1

Cvelist
added 2025/07/17 12:0 a.m. | 7 views

CVE-2025-52046

Totolink A3300R V17.0.0cu.596B20250515 was found to contain a command injection vulnerability in the sub4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request...

EPSS 0.05177
Exploits 1 | References 2

SUSE CVE
added 2025/07/16 11:21 p.m. | 3 views

SUSE CVE-2025-53905

Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim's tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successful...

CVSS 4.1 | AI score 6.4 | EPSS 0.00242
Exploits 1 | References 14