44856 matches found

Positive Technologies
added 2025/12/12 12:0 a.m. | 3 views

PT-2025-50934

SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...

CVSS 8.6 | AI score 7 | EPSS 0.00189
Exploits: 0 | References: 3

OSV
added 2025/12/11 10:15 p.m. | 2 views

CVE-2024-58286

dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation...

CVSS 9.3 | AI score 6.4
Exploits: 0 | References: 3

Snyk
added 2025/12/11 10:7 p.m. | 2 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview: fof/pretty-mail is a Create HTML email for Flarum. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the email template processing. An authenticated attacker with admin privileges can execute arbitrary system...

CVSS 8.6 | AI score 7 | EPSS 0.0053
Exploits: 0 | References: 2

RedhatCVE
added 2025/12/11 10:1 p.m. | 5 views

CVE-2024-58284

PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands...

CVSS 8.6 | AI score 7.7 | EPSS 0.00947
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/11 10:1 p.m. | 5 views

CVE-2024-58282

Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables...

CVSS 8.6 | AI score 8.3 | EPSS 0.00858
Exploits: 1 | References: 1

CVE
added 2025/12/11 9:40 p.m. | 6 views

CVE-2024-58303

FoF Pretty Mail 1.1.2 has a server-side template injection vulnerability in email template processing that lets an administrator inject code and trigger arbitrary system commands during email generation. Affected component: FoF Pretty Mail (likely package foF/pretty-mail) with internal Blade temp...

CVSS 8.6 | AI score 8 | EPSS 0.0053
Exploits: 0 | References: 4

Vulnrichment
added 2025/12/11 9:39 p.m. | 3 views

CVE-2024-58298 Compuware iStrobe Web 20.13 Pre-Auth Remote Code Execution via File Upload

Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute...

CVSS 9.2 | AI score 8.6 | EPSS 0.00721
Exploits: 0 | References: 4

OSV
added 2025/12/11 9:31 p.m. | 2 views

GHSA-FXMW-JCGR-W44V pgadmin4 has a Meta-Command Filter Command Execution

The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark EF BB BF or other special byte sequences. The implemented filter uses the function hasmetacommands, which scans raw...

CVSS 9.1 | AI score 7.8 | EPSS 0.00851
Exploits: 1 | References: 6

Github Security Blog
added 2025/12/11 9:31 p.m. | 9 views

pgadmin4 has a Meta-Command Filter Command Execution

The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark EF BB BF or other special byte sequences. The implemented filter uses the function hasmetacommands, which scans raw...

CVSS 9.1 | AI score 7.9 | EPSS 0.00851
Exploits: 1 | References: 6 | Affected Software: 1

GithubExploit
added 2025/12/11 8:1 p.m. | 136 views

Exploit for Deserialization of Untrusted Data in Facebook React

Next.js React Server Components RCE Exploit Exploits CVE-2025...

CVSS 10 | AI score 8.7 | EPSS 0.99562
Exploits: 367

EUVD
added 2025/12/11 7:47 p.m. | 3 views

EUVD-2025-202871

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input...

CVSS 8.8 | AI score 6.8 | EPSS 0.00404
Exploits: 0 | References: 2

OSV
added 2025/12/11 7:15 p.m. | 4 views

CVE-2025-56113

OS Command Injection vulnerability in Ruijie RG-YST EST, YSTAP3.01B11P280YST250F V1.xxV2.xx allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...

CVSS 8.8 | AI score 6.1 | EPSS 0.01451
Exploits: 0 | References: 3

OSV
added 2025/12/11 7:15 p.m. | 3 views

CVE-2025-56111

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the networksetwanconf in file /usr/lib/lua/luci/controller/admin/netport.lua...

CVSS 8.8 | AI score 6.1 | EPSS 0.02666
Exploits: 1 | References: 3

NVD
added 2025/12/11 7:15 p.m. | 7 views

CVE-2025-56110

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the actiondealupdate in file /usr/lib/lua/luci/controller/api/rcmsAPI.lua...

CVSS 8.8 | EPSS 0.02666
Exploits: 1 | References: 3

OSV
added 2025/12/11 7:15 p.m. | 4 views

CVE-2025-56097

OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226EW1800GX-PRO10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

CVSS 8.8 | AI score 6.1 | EPSS 0.02244
Exploits: 1 | References: 3

OSV
added 2025/12/11 7:15 p.m. | 2 views

CVE-2025-56099

OS Command Injection vulnerability in Ruijie RG-YST AP3.01B11P280YST250F allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...

CVSS 8.8 | AI score 6.1 | EPSS 0.01451
Exploits: 0 | References: 3

NVD
added 2025/12/11 7:15 p.m. | 8 views

CVE-2025-56098

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

CVSS 8.8 | EPSS 0.02244
Exploits: 1 | References: 3

RedhatCVE
added 2025/12/11 7:0 p.m. | 3 views

CVE-2025-65199

A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8...

CVSS 7.8 | AI score 8 | EPSS 0.01094
Exploits: 1 | References: 1

NVD
added 2025/12/11 6:16 p.m. | 3 views

CVE-2025-56077

OS Command Injection vulnerability in Ruijie RG-RAP2200E 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

CVSS 8.8 | EPSS 0.02482
Exploits: 1 | References: 3

OSV
added 2025/12/11 6:16 p.m. | 7 views

CVE-2025-56083

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrnetworkIdmerge.lua...

CVSS 8.8 | AI score 6.1 | EPSS 0.01748
Exploits: 0 | References: 3