8691 matches found
CVE-2020-36856 Nagios XI < 5.6.14 Authenticated RCE command_test.php via address
Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM command_test.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...
CVE-2025-34284 Nagios XI < 2024R2 Authenticated Command Injection via WinRM Plugin
Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful exploitatio...
CVE-2025-61156
Incorrect access control in the kernel driver of ThreatFire System Monitor v4.7.0.53 allows attackers to escalate privileges and execute arbitrary commands via an insecure IOCTL...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2024R1.2, which stems from insufficient...
CVE-2025-61156
ThreatFire System Monitor, version 4.7.0.53, contains a kernel driver flaw with insecure IOCTL that allows privilege escalation and arbitrary command execution. The vulnerability is due to incorrect access control in the kernel driver. Documented impact: local attacker can escalate privileges and...
Exploit for Code Injection in Exiftool_Project Exiftool
CVE-2021-22204 vulnerability: exiftool arbitrary command execution. Usage: 1. exploit...
Linux Distros Unpatched Vulnerability : CVE-2025-10230
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or...
Security Updates for Microsoft Word Products C2R (October 2025)
The Microsoft Word Products are missing security updates. They are, therefore, affected by multiple remote code execution vulnerabilities that attackers can exploit to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for these issues but has instead...
ZOHO ManageEngine ADManager Plus Command Injection Vulnerability
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
CVE-2025-6542
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...
CVE-2025-6541
An arbitrary OS command may be executed on the product by the user who can log in to the web management interface...
CVE-2025-6542 OS command injection in multiple parameters
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...
CVE-2025-6541
CVE-2025-6541 affects TP-Link Omada gateway devices. The flaw allows command injection in the device OS via the web management interface, exploitable by an authenticated user to run arbitrary commands. Impact is high per CVSS. TP-Link issued firmware updates addressing this and similar flaws; use...
ZenML Input Validation Error Vulnerability
ZenML is an extensible open source MLOps framework from ZenML Open Source for creating portable, production-ready machine learning pipelines. An input validation error vulnerability exists in ZenML version 0.83.1, which stems from the failure of the PathMaterializer class to effectively detect...
ZOHO ManageEngine ADManager Plus Security Vulnerability
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
TP-Link Omada gateways Security Vulnerability
TP-Link Omada gateways is a security gateway from China P&L TP-Link. A security vulnerability exists in TP-Link Omada gateways, which originates from an arbitrary OS command that can be executed by a user logged in through the web management interface...
Galaxy Software Services Vitals ESP Security Vulnerability
Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. A security vulnerability exists in Galaxy Software Services Vitals ESP version 1.3 and prior versions, which stems from the upload file feature not restricting the type of...
D-Link DAP-2695 Operating System Command Injection Vulnerability
The D-Link DAP-2695 is a high-performance dual-band wireless access point from China's AUO D-Link. The D-Link DAP-2695 version 2.00RC131 suffers from an operating system command injection vulnerability, which originates from the failure of the function fwupdatermain of the component Firmware Upda...
Centreon Command Injection Vulnerability (CNVD-2025-24650)
Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon suffers from a command injection vulnerability that stems from the application's failure to...