7632 matches found
CVE-2024-39685
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the `data_dir` variable is used directly in a command executed with `subprocess.run(cmd, shell=True)` in the `resample` function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier...
CVE-2024-39763
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. A...
CVE-2024-39686
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the `data_dir` variable is used directly in a command executed with `subprocess.run(cmd, shell=True)` in the `bert_gen` function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier...
ZX Allows Environment Variable Injection for dotenv API
Impact: This vulnerability is an Environment Variable Injection issue in dotenv.stringify, affecting google/zx version 8.3.1. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or...
OpenPanel Security Vulnerability
OpenPanel is a web hosting panel from OpenPanel, Inc. A security vulnerability exists in OpenPanel version v0.3.4, which stems from the inclusion of an OS command injection vulnerability that allows an attacker to inject malicious commands via the timezone parameter. The vulnerability allows an...
A vulnerability in the web interface of the firmware for EDIMAX BR-6476AC routers allows an attacker to escalate privileges and execute arbitrary commands.
The vulnerability in the web interface of the EDIMAX BR-6476AC router firmware is a cross-site request forgery issue caused by incorrect processing of special characters. Exploiting this vulnerability allows a remote attacker to escalate privileges and execute arbitrary...
CVE-2025-20014
mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system...
CVE-2025-20061
mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system...
Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout (CVE-2024-47115)
Summary: A vulnerability in the AIX invscout command could allow a non-privileged local user to execute arbitrary commands (CVE-2024-47115). Vulnerability Details: CVEID: CVE-2024-47115. DESCRIPTION: IBM AIX could allow a local user to execute arbitrary commands on the system due to improper...
CVE-2024-48419
Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd. Each of these issues allows an attacker with access t...
A vulnerability in the web interface of the firmware for Sharp Wi-Fi routers allows an attacker to escalate privileges and execute arbitrary commands.
The vulnerability in the web interface of the firmware for Sharp Wi-Fi routers is related to insufficient protection of operational data during code debugging. Exploiting this vulnerability can allow a remote attacker to escalate privileges and execute arbitrary commands...
CVE-2025-22609
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to attach any existing private key on a coolify instance to his own server. If the server configuration of I...
CVE-2025-22606
CVE-2025-22606 describes a command-injection vulnerability in Coolify caused by unsafely handling project names in versions up to 4.0.0-beta.358 (likely earlier). An attacker with access to project management could inject arbitrary shell commands by including unescaped characters (e.g., a single ...
Coolify Security Vulnerability
Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. An elevation of privilege vulnerability exists in coolLabs Coolify, which is caused by improper authorization validation of terminal functions. An attacker can exploit the vulnerability to gain elevated privileges and...
A vulnerability in the device management consoles (AMS) and central control consoles (SMM) of the firmware for SonicWall SMA 1000 series network interface controllers allows attackers to execute arbitrary operating system commands.
The vulnerability in the device management consoles (AMS) and central control consoles (SMM) of the firmware for SonicWall’s SMA 1000 series network interface controllers is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a remote attacker to execute...
Linksys E8450 id_email_check_btn Command Injection Vulnerability
The Linksys E8450 is a router from Linksys USA. A command injection vulnerability exists in the Linksys E8450 v1.2.00.360516, which stems from id_email_check_btn failing to correctly filter special characters and commands used to construct a command. An attacker can exploit this vulnerability to caus...
TOTOLINK A810R Command Injection Vulnerability (CNVD-2025-02379)
The TOTOLINK A810R is a wireless dual-band router from China's TOTOLINK. The TOTOLINK A810R suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands by sending HTTP requests...
Linksys E8450 userEmail Command Injection Vulnerability
The Linksys E8450 is an E-series wireless router from Linksys USA. A command injection vulnerability exists in the Linksys E8450 v1.2.00.360516, which stems from userEmail failing to properly filter special characters and commands used to construct a command. An attacker can exploit this...
Linksys E8450 wizard_status command injection vulnerability
The Linksys E8450 is a router from Linksys USA. A command injection vulnerability exists in Linksys E8450 v1.2.00.360516, which stems from wizard_status failing to properly filter special characters and commands used to construct a command. An attacker can exploit this vulnerability to cause arbitrar...
Amazon Linux 2 : perl-Module-ScanDeps (ALAS-2025-2738)
The version of perl-Module-ScanDeps installed on the remote host is prior to 1.10-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2738 advisory. Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local...