44856 matches found

Vulnrichment
added 2025/11/11 8:20 p.m., 2 views

CVE-2024-32010

A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run...

CVSS 8.5 | AI score 6.7 | EPSS 0.00102
Exploits: 0 | References: 1

EUVD
added 2025/11/11 8:20 p.m., 3 views

EUVD-2024-29848

A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run...

CVSS 8.5 | AI score 6.5 | EPSS 0.00102
Exploits: 0 | References: 2

OSV
added 2025/11/11 5:15 p.m., 3 views

CVE-2025-12943

Improper certificate validation in firmware update logic in NETGEAR RAX30 Nighthawk AX5 5-Stream AX2400 WiFi 6 Router and RAXE300 Nighthawk AXE7800 Tri-Band WiFi 6E Router allows attackers with the ability to intercept and tamper traffic destined to the device to execute arbitrary commands on the...

CVSS 7.5 | AI score 6.1 | EPSS 0.00139
Exploits: 0 | References: 3

NVD
added 2025/11/11 5:15 p.m., 4 views

CVE-2025-12942

Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution. This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86...

CVSS 7.5 | EPSS 0.00274
Exploits: 0 | References: 3

NVD
added 2025/11/11 5:15 p.m., 4 views

CVE-2025-12943

Improper certificate validation in firmware update logic in NETGEAR RAX30 Nighthawk AX5 5-Stream AX2400 WiFi 6 Router and RAXE300 Nighthawk AXE7800 Tri-Band WiFi 6E Router allows attackers with the ability to intercept and tamper traffic destined to the device to execute arbitrary commands on the...

CVSS 7.7 | EPSS 0.00139
Exploits: 0 | References: 3

CVE
added 2025/11/11 4:17 p.m., 12 views

CVE-2025-12943

CVE-2025-12943 involves NETGEAR RAX30 and RAXE300 devices, where improper certificate validation in the firmware update logic lets an attacker who can intercept and modify traffic potentially execute arbitrary commands on the device. Affected products: NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400...

CVSS 7.7 | AI score 7.3 | EPSS 0.00139
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/11/11 4:17 p.m., 4 views

CVE-2025-12943 Improper certificate validation in firmware update logic in NETGEAR RAX30 and RAXE300

Improper certificate validation in firmware update logic in NETGEAR RAX30 Nighthawk AX5 5-Stream AX2400 WiFi 6 Router and RAXE300 Nighthawk AXE7800 Tri-Band WiFi 6E Router allows attackers with the ability to intercept and tamper traffic destined to the device to execute arbitrary commands on the...

CVSS 7.7 | AI score 7.3 | EPSS 0.00139
Exploits: 0 | References: 3

Vulnrichment
added 2025/11/11 4:17 p.m., 3 views

CVE-2025-12942 Improper input validation in NETGEAR R6260 and R6850

Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution. This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86...

CVSS 7.5 | AI score 6.8 | EPSS 0.00274
Exploits: 0 | References: 3

CVE
added 2025/11/11 4:17 p.m., 7 views

CVE-2025-12942

CVE-2025-12942 affects NETGEAR R6260 and R6850 hardware: improper input validation allows unauthenticated LAN-connected attackers to perform MiTM attacks and gain control over the DNS Server, potentially enabling command execution. Affected versions are up to 1.1.0.86 for both models. According t...

CVSS 7.5 | AI score 6.8 | EPSS 0.00274
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2025/11/11 4:17 p.m., 5 views

CVE-2025-12942 Improper input validation in NETGEAR R6260 and R6850

Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution. This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86...

CVSS 7.5 | EPSS 0.00274
Exploits: 0 | References: 3

EUVD
added 2025/11/11 3:30 a.m., 3 views

EUVD-2025-60987

Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating...

CVSS 6.8 | AI score 6.8 | EPSS 0.00878
Exploits: 0 | References: 3

OSV
added 2025/11/11 1:15 a.m., 1 view

CVE-2025-42894

Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation could enable the attacker to execute arbitrary operating system...

CVSS 6.8 | AI score 6
Exploits: 0 | References: 2

CVE
added 2025/11/11 12:19 a.m., 10 views

CVE-2025-42894

SAP Business Connector is affected by a Path Traversal vulnerability. An attacker authenticated as an administrator with adjacent access can read, write, overwrite, and delete arbitrary files on the host, potentially enabling execution of arbitrary OS commands and full system compromise. The issu...

CVSS 6.8 | AI score 6.9 | EPSS 0.0026
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/11/11 12:00 a.m., 2 views

PT-2025-46536

Name of the Vulnerable Software and Affected Versions: Spectrum Power 4 versions prior to 4.70 SP12 Update 2. Description: The application is susceptible to arbitrary command execution through the user interface. This interface is accessible over the network, enabling command execution with...

CVSS 8.8 | AI score 7.1 | EPSS 0.00341
Exploits: 0 | References: 4

CNNVD
added 2025/11/11 12:00 a.m., 2 views

NETGEAR R6260 and NETGEAR R6850 security vulnerability

NETGEAR R6260 and NETGEAR R6850 are both products of NETGEAR, Inc. NETGEAR R6260 is a router. A hardware device that connects two or more networks and acts as a gateway between networks. The NETGEAR R6850 is a wireless router. A security vulnerability exists in the NETGEAR R6260 and NETGEAR R6850...

CVSS 7.5 | AI score 7 | EPSS 0.00274
Exploits: 0 | References: 3

CNNVD
added 2025/11/11 12:00 a.m., 3 views

NETGEAR RAX30 and NETGEAR RAXE300 security vulnerability

NETGEAR RAX30 and NETGEAR RAXE300 are both products of NETGEAR, Inc. NETGEAR RAX30 is a dual-band wireless router. NETGEAR RAXE300 is a wireless router. A security vulnerability exists in the NETGEAR RAX30 and RAXE300 that stems from improper certificate validation in the firmware update logic, whi...

CVSS 7.7 | AI score 7.4 | EPSS 0.00139
Exploits: 0 | References: 3

CNNVD
added 2025/11/11 12:00 a.m., 4 views

Siemens Spectrum Power security vulnerability

Siemens Spectrum Power is an energy management system from Siemens, Germany. A security vulnerability exists in Siemens Spectrum Power 4 versions prior to V4.70 SP12 Update 2, which originates from a user interface that can run arbitrary commands over the network, potentially resulting in the...

CVSS 8.8 | AI score 6.9 | EPSS 0.00341
Exploits: 0 | References: 2

CERT
added 2025/11/11 12:00 a.m., 5 views

Lite XL Arbitrary Code Execution via Project Module and Legacy system.exec Function

Overview: Lite XL is a lightweight text editor derived from the lite project, written primarily in Lua and C. It supports Windows, Linux, and macOS, and is designed for extensibility through plugins and project-specific modules. Description: Two vulnerabilities were identified in Lite XL: CVE-2025-121...

CVSS 7.3 | AI score 8.2 | EPSS 0.00334
Exploits: 2 | References: 4

CVE
added 2025/11/10 5:10 p.m., 16 views

CVE-2025-43079

CVE-2025-43079 concerns Qualys Cloud Agent where the bundled uninstall script qagent_uninstall.sh (Mac/Linux) executes multiple system commands without absolute paths and without sanitizing $PATH. The root cause is reliance on manipulated PATH, enabling a privileged user (root/sudo) with elevated...

CVSS 6.3 | AI score 7 | EPSS 0.00148
Exploits: 0 | References: 1

NVD
added 2025/11/10 9:15 a.m., 4 views

CVE-2025-12155

A Command Injection vulnerability, resulting from improper file path sanitization (Directory Traversal) in Looker allows an attacker with Developer permission to execute arbitrary shell commands when a user is deleted on the host system. Looker-hosted and Self-hosted were found to be vulnerable. Th...

CVSS 7.1 | EPSS 0.01174
Exploits: 0 | References: 1