Compuware iStrobe Web 代码问题漏洞

Compuware iStrobe Web is a mainframe performance analysis and optimization tool from Compuware Corporation. A code issue vulnerability exists in Compuware iStrobe Web version 20.13, which arises from a path traversal in the file upload form that could result in the upload of a JSP webshell and th...

Pretty Mail by FriendsOfFlarum 安全漏洞

Pretty Mail by FriendsOfFlarum is an open source tool from Friends of Flarum that allows you to make custom html templates for emails. A security vulnerability exists in Pretty Mail by FriendsOfFlarum version 1.1.2, which stems from a server-side template injection in an email template that could...

PT-2025-50597

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation...

PT-2025-50600

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote...

CVE-2025-56093

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the setWisp in file /usr/lib/lua/luci/modules/wireless.lua...

PT-2025-50666

Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR600W affected versions not specified Description An issue exists in Ruijie RG-BCR600W that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the restart modules function located in...

PT-2025-50688

Name of the Vulnerable Software and Affected Versions Ruijie X60 PRO versions V1.00 through V2.00 Description An issue exists in Ruijie X60 PRO that allows attackers to execute arbitrary commands. This is due to an OS Command Injection flaw present in the module get function within the...

PT-2025-50681

Name of the Vulnerable Software and Affected Versions Ruijie RG-YST EST, YSTAP 3.01B11P280YST250F versions V1.xxV2.xx Description An OS Command Injection issue exists in Ruijie RG-YST EST, YSTAP 3.01B11P280YST250F. Successful exploitation allows attackers to execute arbitrary commands. This is...

PT-2025-50695

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input...

CVE-2025-56114

OS Command Injection vulnerability in Ruijie M18 EW3.01B11P226M1810223116 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

PT-2025-50752

Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute...

Ruijie RG-S1930 安全漏洞

The Ruijie RG-S1930 is a series of Layer 2 network management switches from Ruijie China. A security vulnerability exists in the Ruijie RG-S1930 S1930SWITCH3.01B11P230 version, which originates from improper handling of a specially crafted POST request for moduleupdate in the file...

TeamViewer DEX Client 安全漏洞

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. A security vulnerability exists in versions prior to TeamViewer DEX Client V15 that stems from improper input validation and could lead to remote execution of arbitrary commands...

CVE-2025-56088

CVE-2025-56088 affects Ruijie RG-BCR RG-BCR860. The vulnerability is an OS command injection caused by unvalidated input in the action_service endpoint at /usr/lib/lua/luci/controller/admin/service.lua, exploitable via a crafted POST request. Impact as described: arbitrary command execution with ...

EulerOS 2.0 SP13 : samba (EulerOS-SA-2025-2532)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been found in Samba File Transfer Software the affected version is unknown and classified as critical.The CWE definition for th...

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

CVE-2024-58284

PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands...

CVE-2024-58280

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

CVE-2024-58284 PopojiCMS 2.0.1 Remote Command Execution via Authenticated Metadata Settings

PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands...