44991 matches found
CVE-2025-64993 Command Injection in 1E-ConfigMgrConsoleExtensions Instructions
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote...
EUVD-2025-202672
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remo...
EUVD-2025-202673
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-PatchInsights-Deploy instruction prior V15. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote...
CVE-2025-64991
CVE-2025-64991 describes a command injection vulnerability in TeamViewer DEX (formerly 1E DEX). The issue occurs in the 1E-PatchInsights-Deploy instruction before V15 due to improper input validation, enabling authenticated attackers with Actioner privileges to inject arbitrary commands and poten...
CVE-2025-64990 Command Injection in 1E-Explorer-TachyonCore-LogoffUser Instruction
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation...
EUVD-2025-202675
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-FindFileBySizeAndHash instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands...
CVE-2025-64988 Command Injection in 1E-Nomad-GetCmContentLocations Instruction
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-GetCmContentLocations instruction prior V19.2. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell Metasploit Module CVE-2025-55182 BETA A robus...
EUVD-2024-55318
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...
EUVD-2025-202606
Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...
EUVD-2024-55316
Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables...
CVE-2025-65294
Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...
Ruijie RG-BCR 安全漏洞
Ruijie RG-BCR is a series of cloud routers from China's Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-BCR that stems from improper handling of a specially crafted POST request for submitwifi in the file /usr/lib/lua/luci/controller/admin/commonquickconfig.lua, which could lead t...
Ruijie M18 安全漏洞
Ruijie M18 is a WiFi router from China Ruijie Ruijie. A security vulnerability exists in the Ruijie M18 EW3.01B11P226M1810223116 version, which originates from improper handling of a specially crafted POST request for moduleset in the file /usr/local/lua/devconfig/configretain.lua, which could le...
Pretty Mail by FriendsOfFlarum 安全漏洞
Pretty Mail by FriendsOfFlarum is an open source tool from Friends of Flarum that allows you to make custom html templates for emails. A security vulnerability exists in Pretty Mail by FriendsOfFlarum version 1.1.2, which stems from a server-side template injection in an email template that could...
Ruijie RG-BCR 安全漏洞
Ruijie RG-BCR is a series of cloud routers from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-BCR RG-BCR860 version, which stems from improper handling of a specially crafted POST request for networksetwanconf in the file /usr/lib/lua/luci/controller/admin/netport.lua, whi...
Ruijie RG-EW1800GX 安全漏洞
Ruijie RG-EW1800GX is a wireless router from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-EW1800GX version B11P226EW1800GX10223121, which stems from improper handling of a specially crafted POST request for moduleset in the file /usr/local/lua/devsta/nbrcwmp.lua, which...
Ruijie X30 PRO 安全漏洞
Ruijie X30 PRO is a home wireless router from China's Ruijie Ruijie. A security vulnerability exists in the Ruijie X30 PRO that stems from improper handling of a specially crafted POST request for pwdmodify in the file /usr/lib/lua/luci/modules/common.lua, which could result in the execution of...
Ruijie RG-YST 安全漏洞
Ruijie RG-YST is a series of wireless bridges from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-YST YSTAP3.01B11P280YST250F V1.xxV2.xx version, which originates from mishandling of a specially crafted POST request for pwdmodify in the file...
Ruijie RG-EW1800GX PRO 安全漏洞
Ruijie RG-EW1800GX PRO is a wireless router from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-EW1800GX PRO B11P226EW1800GX-PRO10223117 version, which originates from a specially crafted POST request to moduleget in file /usr/local/lua/devsta/networkConnect.lua. Improper...