CVE-2020-36910

Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizardsystem.cgi pages. Attackers can exploit the 'NTPServerIP' parameter with default credentials to execute arbitrary shell commands as root...

CVE-2020-36915 Adtec Digital SignEdje Digital Signage Player v2.08.28 Default Credentials

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec...

CVE-2020-36910 Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter

Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizardsystem.cgi pages. Attackers can exploit the 'NTPServerIP' parameter with default credentials to execute arbitrary shell commands as root...

New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands

A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying host. The vulnerability, tracked as CVE-2025-68668 , is rated 9.9 on the CVSS scoring...

Adtec Digital SignEdje Digital Signage Player 安全漏洞

Adtec Digital SignEdje Digital Signage Player is a digital signage player from Adtec Digital, USA. A security vulnerability exists in Adtec Digital SignEdje Digital Signage Player version v2.08.28, which stems from the presence of multiple hardcoded default credentials that could result in gainin...

CVE-2025-64419 Coolify vulnerable to command injection via docker-compose.yaml parameters

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...

CVE-2025-67397

An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection...

Malicious code in faceplate-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06d59e051a3b111ec2ba70071d0c2273f89c30a8eb1c6de75cb69d2eefc08b17 The package faceplate-ui was found to contain malicious code. Source: ghsa-malware 760b2fdc48604bbd4ed6a6251e192cec01c7f27dc59320b0a6e7f5fec3d1c13f A...

CVE-2025-67397

An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection...

Medium: edk2

Issue Overview: EDK2 contains a vulnerability in BIOS where an attacker may cause "Exposure of Sensitive Information to an Unauthorized Actor" by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact...

CVE-2025-67397

An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection...

Passy 安全漏洞

Passy is a physical access management platform from Passy, an Italian company. A security vulnerability exists in Passy version 1.6.3 that originates from a specially crafted HTTP request and could lead to the execution of arbitrary commands...

D-Link多款产品 访问控制错误漏洞

The D-Link DSL-2740R and other products are products of China AUO D-Link.The D-Link DSL-2740R is a high-performance ADSL router.The D-Link DSL-2640B is a wireless ADSL routed broadband cat.The D-Link DSL-2780B is a wireless ADSL routed broadband cat.The D-Link DSL-2780B is a wireless ADSL routed...

PT-2026-1325

Name of the Vulnerable Software and Affected Versions Passy version 1.6.3 Description A flaw exists in Passy that could allow a remote attacker to execute arbitrary commands. This can occur through the serial interface by sending a specific code sequence. Additionally, a remote authenticated...

PT-2026-1326

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.445 Description Coolify is a self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters from docker-compose.yaml files are not properly sanitized when...

Amazon Linux 2 : edk2, --advisory ALAS2-2025-3116 (ALAS-2025-3116)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3116 advisory. EDK2 contains a vulnerability in BIOS where an attacker may cause Exposure of Sensitive Information to an Unauthorized Actor by local access. Successful exploitation of this vulnerability will le...

RHEL 6 : httpd (RHSA-2026:0074)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0074 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: Serve...

Command Execution Vulnerability in U8 Cloud of UFIDA Network Technology Corporation (CNVD-C-2026-26052)

U8 Cloud is a new-generation cloud ERP Enterprise Resource Planning solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A command execution vulnerability exists in UFIDA U8 Cloud, which can be...

SQLMAP - Automatic SQL Injection Tool 1.10

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive...

EUVD-2025-206133

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...