44856 matches found

Cvelist
added 2025/12/05 12:0 a.m. | 22 views

CVE-2025-64053

A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint...

EPSS: 0.03076
Exploits: 1 | References: 2

Cvelist
added 2025/12/05 12:0 a.m. | 21 views

CVE-2025-64054

A reflected Cross Site Scripting XSS vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint...

EPSS: 0.00397
Exploits: 1 | References: 2

CNNVD
added 2025/12/05 12:0 a.m. | 2 views

Fanvil x210 Security Vulnerability

The Fanvil x210 is an IP telephony device from Fanvil. A security vulnerability exists in Fanvil x210 V2 version 2.12.20 that allows an unauthenticated attacker on the local network to execute arbitrary system commands...

CVSS: 5.1 | AI score: 7.1 | EPSS: 0.02786
Exploits: 1 | References: 3

CNNVD
added 2025/12/05 12:0 a.m. | 3 views

Fanvil x210 Security Vulnerability

Fanvil x210 is an IP telephony device from Fanvil. A security vulnerability exists in the Fanvil x210 version 2.12.20, which originates from reflective cross-site scripting and could result in a denial of service or execution of arbitrary commands...

CVSS: 9.6 | AI score: 6.4 | EPSS: 0.00397
Exploits: 1 | References: 3

CNNVD
added 2025/12/05 12:0 a.m. | 2 views

Flexsense DiskBoss Code Issue Vulnerability

Flexsense DiskBoss is a disk management tool from Flexsense, Inc. A code issue vulnerability exists in Flexsense DiskBoss version 11.7.28, which stems from unquoted service paths and could allow an attacker to elevate privileges and execute arbitrary system commands...

CVSS: 8.5 | AI score: 7.4 | EPSS: 0.00245
Exploits: 0 | References: 4

CNNVD
added 2025/12/05 12:0 a.m. | 1 view

Array Networks ArrayOS AG Operating System Command Injection Vulnerability

Array Networks ArrayOS AG is an SSL-VPN product from Array Networks, Inc. that enables secure remote access regardless of user, device or location. Providing scalable and controlled remote and mobile access to corporate networks, enterprise applications and cloud services for any user, any device...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.03046
Exploits: 0 | References: 3

CNNVD
added 2025/12/05 12:0 a.m. | 3 views

Fanvil x210 Security Vulnerability

Fanvil x210 is an IP telephony device from Fanvil. A security vulnerability exists in the Fanvil x210 version 2.12.20, which originates from a buffer overflow and could result in a denial of service or execution of arbitrary commands...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.03076
Exploits: 1 | References: 2

Positive Technologies
added 2025/12/05 12:0 a.m. | 3 views

PT-2025-49253

Name of the Vulnerable Software and Affected Versions: Fanvil x210 version 2.12.20. Description: A buffer overflow exists on Fanvil x210 devices. An attacker can send a crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint, potentially leading to a denial of service or...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.03076
Exploits: 1 | References: 6

Positive Technologies
added 2025/12/05 12:0 a.m. | 3 views

PT-2025-49252

Name of the Vulnerable Software and Affected Versions: Fanvil x210 V2 version 2.12.20. Description: An issue exists that allows unauthenticated attackers on the local network to execute arbitrary system commands. Recommendations: Update to a newer version that contains a fix for this vulnerability...

CVSS: 5.1 | AI score: 7.1 | EPSS: 0.02786
Exploits: 1 | References: 6

NVD
added 2025/12/04 9:16 p.m. | 1 view

CVE-2025-66576

Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution...

CVSS: 9.8 | EPSS: 0.01055
Exploits: 1 | References: 4

NVD
added 2025/12/04 9:16 p.m. | 7 views

CVE-2025-66237

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

CVSS: 8.4 | EPSS: 0.00115
Exploits: 0 | References: 2

ATTACKERKB
added 2025/12/04 9:2 p.m. | 3 views

CVE-2025-66237

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...

CVSS: 8.4 | AI score: 5.9 | EPSS: 0.00115
Exploits: 0 | References: 3

CVE
added 2025/12/04 9:2 p.m. | 12 views

CVE-2025-66237

CVE-2025-66237 affects Sunbird DCIM dcTrack and related platforms, where default and hard-coded credentials enable an authenticated attacker to administer the database, escalate privileges on the platform, or execute system commands on the host. Multiple sources confirm the existence of hard-code...

CVSS: 8.4 | AI score: 7.1 | EPSS: 0.00115
Exploits: 0 | References: 2

Cvelist
added 2025/12/04 8:46 p.m. | 20 views

CVE-2025-66576 Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)

Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution...

CVSS: 9.3 | EPSS: 0.01055
Exploits: 1 | References: 4

Cvelist
added 2025/12/04 8:41 p.m. | 20 views

CVE-2024-58275 Easywall 0.3.1 - Authentication Bypass via Command Injection in /ports-save Endpoint

Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a parameter injection flaw. Attackers can inject shell metacharacters to execute arbitrary commands on the server...

CVSS: 8.7 | EPSS: 0.01568
Exploits: 0 | References: 4

OSV
added 2025/12/04 7:12 p.m. | 3 views

MAL-2025-192304 Malicious code in elf-stats-northbound-sparkler-410 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f08736c2162a48e541984d90b3b871f1be3f37ce290cb43fce03b7af871d6804 The package elf-stats-northbound-sparkler-410 was found to contain malicious code. Source: ossf-package-analysis...

AI score: 7
Exploits: 0

GithubExploit
added 2025/12/04 4:55 p.m. | 168 views

Exploit for CVE-2025-55182

Here is your ready-to-copy-paste README.md — clean, professional...

CVSS: 10 | AI score: 7.8 | EPSS: 0.99562
Exploits: 367

GithubExploit
added 2025/12/04 4:49 p.m. | 197 views

Pentesting-Metasploitable2-SMB-Service

Metasploitable2 – SMB Vulnerability Exploitation 🚀 This proje...

AI score: 7.6
Exploits: 0

SUSE CVE
added 2025/12/04 3:6 p.m. | 2 views

SUSE CVE-2025-66399

Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters including newlines that are...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.10757
Exploits: 1 | References: 3

RedhatCVE
added 2025/12/04 12:11 a.m. | 6 views

CVE-2025-65842

The Aquarius HelperTool 1.0.003 privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights...

CVSS: 5.1 | AI score: 7.1 | EPSS: 0.00141
Exploits: 1 | References: 1