
44856 matches found

Positive Technologies
added 2025/11/18 12:0 a.m. | 4 views

PT-2025-47366

Name of the Vulnerable Software and Affected Versions: H3C ERG3/ERG5 series routers; H3C XiaoBei series routers; H3C cloud gateways; H3C wireless access points versions R0162P07; H3C wireless access points version UAP700-WPT330-E2265; H3C wireless access points version UAP672-WPT330-R2262; H3C wireless...

CVSS 6.5 | AI score 7.9 | EPSS 0.00328
Exploits: 0 | References: 5
CVE
added 2025/11/18 12:0 a.m. | 9 views

CVE-2025-63408

CVE-2025-63408 affects Local Agent DVR up to version 6.6.1.0. The vulnerability is a directory traversal that enables an unauthenticated local attacker to: (1) access sensitive information, (2) trigger a server-side request forgery (SSRF), and (3) execute operating system commands. The available ...

CVSS 7.8 | AI score 6.8 | EPSS 0.00346
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2025/11/17 6:0 a.m. | 3 views

CVE-2025-9501 W3 Total Cache < 2.8.13 - Unauthenticated Command Injection

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the parsedynamicmfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...

AI score 7.5 | EPSS 0.19241
Exploits: 1 | References: 1
CVE
added 2025/11/17 3:37 a.m. | 11 views

CVE-2025-13284

CVE-2025-13284 affects ThinPLUS OS, with an OS Command Injection vulnerability that allows unauthenticated remote attackers to inject arbitrary commands and execute them on the server. The issue is documented across multiple feeds (Red Hat CVE, NVD, CNVD, etc.) with CVSSv3.1/4.0 CRITICAL and full...

CVSS 9.8 | AI score 7.5 | EPSS 0.01619
Exploits: 0 | References: 2
CNNVD
added 2025/11/17 12:0 a.m. | 2 views

MyScreenTools Security Vulnerability

MyScreenTools is a Windows screen tool by the individual developer luotengyuan. A security vulnerability exists in MyScreenTools version v2.2.1.0, which stems from an improperly sanitized file path that could lead to the execution of arbitrary system commands...

CVSS 8.1 | AI score 6.9 | EPSS 0.01446
Exploits: 1 | References: 4
Positive Technologies
added 2025/11/17 12:0 a.m. | 5 views

PT-2025-47179

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: The software contains a flaw related to improper neutralization of special elements used in an OS command, potentially leading to OS command injection. This iss...

CVSS 6.8 | AI score 7 | EPSS 0.00743
Exploits: 0 | References: 4
OSSF Malicious Packages
added 2025/11/16 7:46 p.m. | 4 views

Malicious code in com.mixpanel.unity (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a617ed7539b6703818676ef051a6c12331b0e014026d1b56fb7d72775d7ad5a1 The package com.mixpanel.unity was found to contain malicious code. Source: ossf-package-analysis...

AI score 7.1
Exploits: 0
RedhatCVE
added 2025/11/15 4:28 p.m. | 9 views

CVE-2025-64446

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTT...

CVSS 9.8 | AI score 7.3 | EPSS 0.89526
Exploits: 16 | References: 1
Fedora
added 2025/11/15 1:45 a.m. | 8 views

[SECURITY] Fedora 41 Update: rust-reqsign-command-execute-tokio-2.0.1-1.fc41

Tokio-based command execution implementation for reqsign...

AI score 7.3
Exploits: 0
Fedora
added 2025/11/15 1:35 a.m. | 6 views

[SECURITY] Fedora 42 Update: rust-reqsign-command-execute-tokio-2.0.1-1.fc42

Tokio-based command execution implementation for reqsign...

AI score 7.3
Exploits: 0
OSV
added 2025/11/14 9:52 p.m. | 4 views

GHSA-4M32-CJV7-F425 AstrBot is vulnerable to RCE with hard-coded JWT signing keys

Summary: AstrBot uses a hard-coded JWT signing key, allowing attackers to execute arbitrary commands by installing a malicious plugin. Details: AstrBot uses a hard-coded JWT signing key, which allows attackers to bypass the authentication mechanism. Once bypassed, the attacker can install a Python...

CVSS 9.8 | AI score 7.8 | EPSS 0.00281
Exploits: 2 | References: 6
OSSF Malicious Packages
added 2025/11/14 5:22 p.m. | 6 views

Malicious code in d1n0exploitaaaa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7ecd01d9010a3e9192c6636d4ddefa1e493438b1bbf65002e8daf6a014067692 Importing the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-11-d1n0...

AI score 7.6
Exploits: 0 | References: 1
OSV
added 2025/11/14 4:15 p.m. | 4 views

CVE-2025-64446

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTT...

CVSS 9.8 | AI score 6 | EPSS 0.89526
Exploits: 16 | References: 3
Cvelist
added 2025/11/14 3:50 p.m. | 13 views

CVE-2025-64446

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTT...

CVSS 9.8 | EPSS 0.89526
Exploits: 16 | References: 1
Vulnrichment
added 2025/11/14 3:50 p.m. | 6 views

CVE-2025-64446

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTT...

CVSS 9.8 | AI score 7 | EPSS 0.89526
Exploits: 16 | References: 1
EUVD
added 2025/11/14 12:30 a.m. | 6 views

EUVD-2025-180541

IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347...

CVSS 9.6 | AI score 6.9 | EPSS 0.00858
Exploits: 0 | References: 2
EUVD
added 2025/11/14 12:30 a.m. | 5 views

EUVD-2025-180539

IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in...

CVSS 10 | AI score 7 | EPSS 0.01058
Exploits: 0 | References: 2
RedhatCVE
added 2025/11/14 12:1 a.m. | 5 views

CVE-2025-60676

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed...

CVSS 6.5 | AI score 8.4 | EPSS 0.03455
Exploits: 1 | References: 1
Positive Technologies
added 2025/11/14 12:0 a.m. | 3 views

PT-2025-47033

Name of the Vulnerable Software and Affected Versions: AstrBot version 3.5.15. Description: The software uses a hard-coded private key, "Advanced System for Text Response and Bot Operations Tool", to sign JSON Web Tokens (JWT), which are compact, URL-safe means of representing claims to be transferred...

CVSS 9.8 | AI score 6 | EPSS 0.00281
Exploits: 2 | References: 14
CNVD
added 2025/11/14 12:0 a.m. | 2 views

ZOHO ManageEngine Applications Manager Command Injection Vulnerability

ZOHO ManageEngine Applications Manager is an IT operations and maintenance management solution from ZOHO (ZhuoHao), a United States company. The product provides application performance management, fault management, report generation, SLA management and other functions. A command injection...

CVSS 8.8 | AI score 7.8 | EPSS 0.03851
Exploits: 0 | References: 1