Security Bulletin: Multiple vulnerabilities in IBM Aspera Orchestrator
Summary: Multiple vulnerabilities were addressed in IBM Aspera Orchestrator 4.1.1. Vulnerability Details: CVEID: CVE-2025-13211. DESCRIPTION: IBM Aspera Orchestrator could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency...
gardenctl is vulnerable to Command Injection when used with non‑POSIX shells
A security vulnerability was discovered in gardenctl when it is used with non‑POSIX shells such as Fish and PowerShell. Such a setup could allow an attacker with administrative privileges for a Gardener project to craft malicious credential values in infrastructure Secret objects that break out of...
CVE-2025-64992
A command injection vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior to V25. Improper input validation allows authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remo...
CVE-2025-64986
A command injection vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Explorer-TachyonCore-DevicesListeningOnAPort instruction prior to V21. Improper input validation allows authenticated attackers with Actioner privileges to inject arbitrary commands...
CVE-2025-64988
A command injection vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Nomad-GetCmContentLocations instruction prior to V19.2. Improper input validation allows authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables...
CVE-2025-64993 Command Injection in 1E-ConfigMgrConsoleExtensions Instructions
A command injection vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation allows authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote...
CVE-2025-64993
Summary: CVE-2025-64993 affects TeamViewer DEX (formerly 1E DEX). The issue is a command-injection in the 1E-ConfigMgrConsoleExtensions instructions caused by improper input validation. Impact: authenticated attackers with Actioner privileges can inject arbitrary commands, enabling remote executi...
EUVD-2025-202672
A command injection vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior to V25. Improper input validation allows authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remo...
CVE-2025-64991
CVE-2025-64991 describes a command injection vulnerability in TeamViewer DEX (formerly 1E DEX). The issue occurs in the 1E-PatchInsights-Deploy instruction before V15 due to improper input validation, enabling authenticated attackers with Actioner privileges to inject arbitrary commands and poten...
EUVD-2025-202673
A command injection vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-PatchInsights-Deploy instruction prior to V15. Improper input validation allows authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote...
CVE-2025-64990 Command Injection in 1E-Explorer-TachyonCore-LogoffUser Instruction
A command injection vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior to V21.1. Improper input validation allows authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation...
EUVD-2025-202675
A command injection vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Explorer-TachyonCore-FindFileBySizeAndHash instruction prior to V21.1. Improper input validation allows authenticated attackers with Actioner privileges to inject arbitrary commands...
CVE-2025-64988 Command Injection in 1E-Nomad-GetCmContentLocations Instruction
A command injection vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Nomad-GetCmContentLocations instruction prior to V19.2. Improper input validation allows authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell Metasploit Module CVE-2025-55182 BETA A robus...
EUVD-2024-55316
Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables...
EUVD-2024-55318
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...
EUVD-2025-202606
Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...
CVE-2025-65294
Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...
Ruijie RG-BCR security vulnerability
Ruijie RG-BCR is a series of cloud routers from China's Ruijie. A security vulnerability exists in the Ruijie RG-BCR that stems from improper handling of a specially crafted POST request for submitwifi in the file /usr/lib/lua/luci/controller/admin/commonquickconfig.lua, which could lead t...