
984 matches found

Tenable Nessus
added 2025/08/25 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-7342

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - POST - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable...

CVSS 6.1 | AI score 7 | EPSS 0.0024
Exploits: 1 | References: 2
NVD
added 2025/08/24 12:15 p.m. | 5 views

CVE-2025-9387

A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ipblock.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate...

CVSS 9.8 | EPSS 0.01249
Exploits: 1 | References: 5
OSV
added 2025/08/22 4:15 p.m. | 3 views

CVE-2025-55602

D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formSysCmd function via the submit-url parameter...

CVSS 7.5 | AI score 5.8 | EPSS 0.00439
Exploits: 1 | References: 2
CNNVD
added 2025/08/22 12:0 a.m. | 1 views

D-Link DIR-619L Buffer Error Vulnerability

D-Link DIR-619L is a home wireless router from AUO D-Link, designed for home and small office environments, utilizing the IEEE 802.11n wireless standard with a maximum transmission rate of 300Mbps. The D-Link DIR-619L suffers from a buffer overflow vulnerability that originates from the submit-ur...

CVSS 9.8 | AI score 8.5 | EPSS 0.00439
Exploits: 1 | References: 3
Vulnrichment
added 2025/08/20 3:35 p.m. | 3 views

CVE-2010-20059 FreeNAS < 0.7.2 rev 5543 exec_raw.php Arbitrary Command Execution

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation...

CVSS 9.3 | AI score 6.4 | EPSS 0.48631
Exploits: 0 | References: 8
OSV
added 2025/08/16 12:15 p.m. | 2 views

DEBIAN-CVE-2025-38548

In the Linux kernel, the following vulnerability has been resolved: hwmon: (corsair-cpro) Validate the size of the received input buffer. Add buffer_recv_size to store the size of the received bytes. Validate buffer_recv_size in send_usb_cmd()...

CVSS 7.8 | AI score 6.3 | EPSS 0.00025
Exploits: 0 | References: 1
Positive Technologies
added 2025/08/14 12:0 a.m. | 5 views

PT-2025-33282 · Kuwfi · Kuwfi Gc111

Name of the Vulnerable Software and Affected Versions: KuWFi GC111 versions GC111-GL-LM321 V3.0 20191211. Description: The KuWFi GC111 device is susceptible to unauthorized command execution. A crafted POST request to the /goform/goform_set_cmd_process API endpoint, utilizing the SSID parameter,...

CVSS 9.8 | AI score 7.8 | EPSS 0.02988
Exploits: 0 | References: 6
BDU FSTEC
added 2025/08/04 12:0 a.m. | 1 views

The vulnerability of D-Link DI-7300G+ and DI-8200G router firmware lies in the lack of measures to neutralize special elements, allowing attackers to execute arbitrary commands.

The vulnerability of D-Link DI-7300G+ and DI-8200G router firmware lies in the lack of measures taken to neutralize special elements when processing parameters such as flag, cmd, and iface on the mspinfo.htm page. Exploiting this vulnerability allows a remote attacker to execute...

CVSS 6.5 | AI score 7 | EPSS 0.02142
Exploits: 1 | References: 6 | Affected Software: 2
Snyk
added 2025/07/30 7:25 a.m. | 1 views

Malicious Package

Overview proc-log-cmd is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2
OSV
added 2025/07/30 7:25 a.m. | 1 views

MAL-2025-6369 Malicious code in proc-log-cmd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef3082ede726543b5e19f768b9c6630da020446b5902205ab679184c0cac0c03 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2025/07/30 7:25 a.m. | 2 views

Malicious code in proc-log-cmd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef3082ede726543b5e19f768b9c6630da020446b5902205ab679184c0cac0c03 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
BDU FSTEC
added 2025/07/04 12:0 a.m. | 2 views

Vulnerability of components core.c, fabrics-cmd-auth.c, and fabrics-cmd.c in the Linux operating system kernel, which allows a hacker to cause a service failure

The vulnerability of the core.c, fabrics-cmd-auth.c, and fabrics-cmd.c components of the Linux operating system’s kernel is related to a resource leak. Exploiting this vulnerability can allow an attacker to cause service failures...

CVSS 5.5 | AI score 6.7 | EPSS 0.00013
Exploits: 0 | References: 11 | Affected Software: 4
RedHat Linux
added 2025/07/01 1:11 a.m. | 8 views

kernel: dm ioctl: prevent potential spectre v1 gadget

A vulnerability was found in the Linux kernel's dm-ioctl interface in the lookup_ioctl function, which accepts a user-provided cmd value that is used to index the _ioctls array directly. This issue could lead to an out-of-bounds access if the CPU speculatively executes the array access before cmd i...

CVSS 5.5 | AI score 7.2 | EPSS 0.00011
Exploits: 0 | References: 5
BDU FSTEC
added 2025/06/18 12:0 a.m. | 1 views

The vulnerability of the bs_setCmd() function in the libshare-0.0.26.so library of the LB-LINK router firmware allows an attacker to execute arbitrary commands.

The vulnerability of the bs_setCmd function in the libshare-0.0.26.so library of the LB-LINK router software lies in the failure to take data cleaning measures at the control level when processing the cmd parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary comman...

CVSS 10 | AI score 5.9 | EPSS 0.13302
Exploits: 1 | References: 2 | Affected Software: 9
BDU FSTEC
added 2025/06/18 12:0 a.m. | 1 views

The vulnerability of the built-in boa server (/boafrm/formSysCmd) of the TOTOLINK EX1200T router’s firmware allows a perpetrator to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the built-in server boa /boafrm/formSysCmd of the TOTOLINK EX1200T router’s firmware lies in the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and...

CVSS 9 | AI score 8 | EPSS 0.01357
Exploits: 1 | References: 4 | Affected Software: 1
RedHat Linux
added 2025/06/16 9:1 a.m. | 4 views

kernel: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd. After the hci sync command releases l2cap_conn, the hci receive data work queue references the released l2cap_conn when sending to the upper layer. Add hci dev lock to...

CVSS 7.8 | AI score 6.5 | EPSS 0.00035
Exploits: 0 | References: 5
OSV
added 2025/06/13 12:15 p.m. | 2 views

CVE-2025-45988

Blink routers BL-WR9000 V2.4.9 , BL-AC2100AZ3 V1.0.4, BL-X10AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200AT1 v1.0.0, BL-X26AC8 v1.2.8, BLAC450MAE4 v4.0.0 and BL-X26DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the cmd parameter in the bsSetCmd function...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 1
CVE
added 2025/06/13 12:0 a.m. | 55 views

CVE-2025-45988

The CVE-2025-45988 entry affects Blink routers (BL-WR9000, BL-AC2100 AZ3, BL-X10 AC8, BL-LTE300, BL-F1200 AT1, BL-X26 AC8, BLAC450M AE4, BL-X26 DA3) with multiple command injection vulnerabilities in the bs_SetCmd function via the cmd parameter. Root cause: improper handling of the cmd parameter ...

CVSS 9.8 | AI score 7.8 | EPSS 0.13302
In wild | Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2025/06/13 12:0 a.m. | 1 views

Dell ControlVault3 and Dell ControlVault3 Plus Code Issue Vulnerability

Dell ControlVault3 and Dell ControlVault3 Plus are both hardware-based security solutions from Dell, Inc. A code issue vulnerability exists in Dell ControlVault3 versions prior to 5.15.10.14 and Dell ControlVault3 Plus versions prior to 6.2.26.36, which stems from a deserialization vulnerability ...

CVSS 8.1 | AI score 7.9 | EPSS 0.00736
Exploits: 0 | References: 2
BDU FSTEC
added 2025/06/09 12:0 a.m. | 2 views

Vulnerability of components of Linux operating system’s kernel/mlx5, allowing a hacker to cause a service failure

The vulnerability of the net/mlx5 component in the Linux operating system’s kernel is related to incorrect blocking in the cmd_work_handler function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 | AI score 6.7 | EPSS 0.0003
Exploits: 0 | References: 10 | Affected Software: 6