
984 matches found

OSV
added 2025/06/03 11:15 a.m. · 2 views

CVE-2025-5492

A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub456DE8 of the file /mspinfo.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack...

8.8 CVSS · 5.5 AI score
Exploits 0 · References 4
NVD
added 2025/05/27 9:15 a.m. · 10 views

CVE-2025-41650

An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service...

7.5 CVSS · 0.00295 EPSS
Exploits 0 · References 1
NVD
added 2025/05/24 4:15 p.m. · 12 views

CVE-2025-5127

A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. Executing manipulation of the argument cmd can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

5.4 CVSS · 0.0016 EPSS
Exploits 1 · References 4
Positive Technologies
added 2025/05/24 12:0 a.m. · 3 views

PT-2025-22842 · Flir · Flir Ax8

Name of the Vulnerable Software and Affected Versions: FLIR AX8 versions up to 1.46.16 Description: A problematic issue has been found in the processing of the file /prod.php, where the manipulation of the cmd argument leads to cross-site scripting. This issue can be exploited remotely...

5.4 CVSS · 3.6 AI score · 0.0016 EPSS
Exploits 1 · References 10
CNNVD
added 2025/05/24 12:0 a.m. · 1 views

Teledyne FLIR AX8 cross-site scripting vulnerability

Teledyne FLIR AX8 is a series of thermal surveillance cameras from Teledyne FLIR USA. A cross-site scripting vulnerability exists in Teledyne FLIR AX8 version 1.46.16 and earlier, which stems from a cross-site scripting attack due to the incorrect operation of the parameter cmd in the file...

5.4 CVSS · 4.4 AI score · 0.0016 EPSS
Exploits 1 · References 6
RedhatCVE
added 2025/05/23 4:35 a.m. · 3 views

CVE-2023-41453

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component...

6.1 CVSS · 7.3 AI score · 0.00902 EPSS
Exploits 1
RedhatCVE
added 2025/05/23 2:18 a.m. · 7 views

CVE-2023-51772

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...

8.8 CVSS · 6.8 AI score · 0.00069 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 10:49 p.m. · 4 views

CVE-2022-30909

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm...

10 CVSS · 7.8 AI score · 0.00409 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 4:27 p.m. · 4 views

CVE-2020-18280

Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function...

6.1 CVSS · 7 AI score · 0.00341 EPSS
Exploits 1
Positive Technologies
added 2025/05/22 12:0 a.m. · 1 views

PT-2025-27714

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to Bluetooth MGMT. The issue involves rejecting malformed HCI CMD SYNC commands. In the mgmt hci cmd sync function, a che...

7.8 CVSS · 7.8 AI score · 0.00307 EPSS
Exploits 8 · References 568
CNNVD
added 2025/05/17 12:0 a.m. · 2 views

TOTOLINK A720R, TOTOLINK A3002R and TOTOLINK A3002RU security vulnerability

TOTOLINK A3002RU and others are products of China Gion Electronics TOTOLINK. TOTOLINK A3002RU is a wireless router product. TOTOLINK A720R is a wireless router. TOTOLINK A3002R is a wireless router. A security vulnerability exists in the TOTOLINK A720R, TOTOLINK...

9 CVSS · 8.9 AI score · 0.00982 EPSS
Exploits 0 · References 7
SUSE CVE
added 2025/05/07 2:19 a.m. · 1 views

SUSE CVE-2022-49891

In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() test_gen_kprobe_cmd() only free buf in fail path, hence buf will leak when there is no failure. Move kfree(buf) from fail path to common path to prevent the memleak. The sam...

5.5 CVSS · 6.3 AI score · 0.00017 EPSS
Exploits 0 · References 9
OSV
added 2025/05/06 12:15 p.m. · 2 views

CVE-2025-4349

A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command injection. It is possible to initiate the attack remotely. This vulnerability only affects products that are no long...

9.8 CVSS · 5.6 AI score
Exploits 0 · References 5
Positive Technologies
added 2025/05/02 12:0 a.m. · 6 views

PT-2025-18905 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A vulnerability in the Linux kernel has been resolved, where the ila xlat nl cmd get mapping function generates an empty message, triggering a sanity check. This issue is resolved ...

7.8 CVSS · 7.4 AI score · 0.00346 EPSS
Exploits 1 · References 376
RedhatCVE
added 2025/04/26 5:54 a.m. · 4 views

CVE-2025-29659

Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...

9.8 CVSS · 7.2 AI score · 0.01339 EPSS
Exploits 1 · References 1
OSV
added 2025/04/21 3:16 p.m. · 1 views

CVE-2025-29659

Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...

9.8 CVSS · 5.9 AI score · 0.01339 EPSS
Exploits 1 · References 2
NVD
added 2025/04/21 3:16 p.m. · 11 views

CVE-2025-29659

Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...

9.8 CVSS · 0.01339 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/04/21 12:0 a.m. · 2 views

PT-2025-17440 · Yi · Yi Iot Xy-3820

Name of the Vulnerable Software and Affected Versions: Yi IOT XY-3820 version 6.0.24.10 Description: The issue concerns a Remote Command Execution vulnerability via the cmd listen function located in the cmd binary. This allows for unauthorized execution of commands, potentially leading to a full...

9.8 CVSS · 6.6 AI score · 0.01339 EPSS
Exploits 1 · References 14
CVE
added 2025/04/21 12:0 a.m. · 60 views

CVE-2025-29659

CVE-2025-29659 affects Yi IOT XY-3820, version 6.0.24.10. The vulnerability is a Remote Command Execution via the cmd_listen function in the cmd binary, with network access and no user interaction required (CVSS v3.1: 9.8, Critical). The reports do not specify a fixed version; a workaround sugges...

9.8 CVSS · 7.4 AI score · 0.01339 EPSS
Exploits 1 · References 2 · Affected Software 1
BDU FSTEC
added 2025/04/14 12:0 a.m. · 2 views

The vulnerability of the `ovs_vport_cmd_fill_info()` function in the `net/openvswitch/datapath.c` module, which is part of the Open vSwitch router support in the Linux operating system, allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the `ovs_vport_cmd_fill_info()` function in the `net/openvswitch/datapath.c` module, which is part of the Open vSwitch router support in the Linux operating system, relates to the reutilization of previously released memory. Exploiting this vulnerability could allow an attacker to...

7.8 CVSS · 6.7 AI score · 0.00015 EPSS
Exploits 0 · References 20 · Affected Software 6