
44856 matches found

CNNVD
added 2025/10/29 12:0 a.m., 5 views

ThreatFire System Monitor security vulnerability

ThreatFire System Monitor is a security protection software from ThreatFire, Inc. A security vulnerability exists in ThreatFire System Monitor version v4.7.0.53, which stems from improper kernel driver access control and could lead to elevation of privilege and execution of arbitrary commands...

7.8 CVSS, 7.1 AI score, 0.00118 EPSS
Exploits: 1, References: 4

Positive Technologies
added 2025/10/29 12:0 a.m., 4 views

PT-2025-44305

Name of the Vulnerable Software and Affected Versions: ThreatFire System Monitor version 4.7.0.53. Description: A flaw exists in the kernel driver of ThreatFire System Monitor that allows for privilege escalation and arbitrary command execution. This is due to insecure access control through an...

7.8 CVSS, 7.1 AI score, 0.00118 EPSS
Exploits: 1, References: 5

CVE
added 2025/10/29 12:0 a.m., 12 views

CVE-2025-61156

ThreatFire System Monitor, version 4.7.0.53, contains a kernel driver flaw with insecure IOCTL that allows privilege escalation and arbitrary command execution. The vulnerability is due to incorrect access control in the kernel driver. Documented impact: local attacker can escalate privileges and...

7.8 CVSS, 7.3 AI score, 0.00118 EPSS
Exploits: 1, References: 3

CNNVD
added 2025/10/29 12:0 a.m., 4 views

D-Link DNS-343 ShareCenter security vulnerability

The D-Link DNS-343 ShareCenter is a network storage device from China's AUO D-Link. The D-Link DNS-343 ShareCenter suffers from a command execution vulnerability that stems from insufficient input validation in the Mail Test feature, which can be exploited by an attacker to execute arbitrary...

9.8 CVSS, 6.2 AI score, 0.08697 EPSS
Exploits: 1, References: 6

Tenable Nessus
added 2025/10/29 12:0 a.m., 8 views

Jenkins plugins Multiple Vulnerabilities (2025-10-29)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with...

8.8 CVSS, 6.4 AI score, 0.00509 EPSS
Exploits: 0, References: 21

CVE
added 2025/10/28 9:36 p.m., 13 views

CVE-2025-62801

CVE-2025-62801 affects FastMCP prior to version 2.13.0, where a command-injection vulnerability exists in how the server_name field is processed during the MCP installer cursor flow on Windows. An attacker who can influence the server_name value can cause arbitrary OS commands to run on Windows h...

7.8 CVSS, 7 AI score, 0.00188 EPSS
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2025/10/28 8:45 p.m., 3 views

MAL-2025-48947 Malicious code in geopost-web-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da57d3bad54c135655781ae00e108e90ad9a31f6eaa11327df5d4654a411f0d7 The package geopost-web-component was found to contain malicious code. Source: ghsa-malware...

7 AI score
Exploits: 0, References: 1

CVE
added 2025/10/28 12:16 p.m., 11 views

CVE-2025-1037

CVE-2025-1037 affects Hitachi TropOS 4th Gen. The Red Hat, NVD, ENISA/EUVD, CIRCL sighting entries describe a vulnerability in the device’s web-based configuration utility (notably the Logging page) where an authenticated, low-privileged user who can run user-level shell commands can abuse script...

7.5 CVSS, 6.6 AI score, 0.00125 EPSS
Exploits: 0, References: 1

CVE
added 2025/10/28 4:53 a.m., 8 views

CVE-2025-62777

The CVE-2025-62777 entry concerns Planex MZK-DP300N, affected when using firmware versions 1.07 and earlier. The underlying issue is hard-coded credentials, which could allow an attacker on the local network to log in via Telnet and execute arbitrary commands. Mitigation is to update the device f...

8.8 CVSS, 6.7 AI score, 0.00223 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2025/10/28 4:53 a.m., 3 views

CVE-2025-62777

Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands...

8.8 CVSS, 8.7 AI score, 0.00223 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/10/28 12:0 a.m., 3 views

Planex MZK-DP300N trust management issue vulnerability

The Planex MZK-DP300N is a hotel router travel router from Planex Japan. A trust management issue vulnerability exists in Planex MZK-DP300N version 1.07 and earlier, which stems from the use of hard-coded credentials and could allow an attacker to log in via Telnet and execute arbitrary commands ...

8.8 CVSS, 8.7 AI score, 0.00223 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2025/10/28 12:0 a.m., 6 views

Cisco IOS XE Software HTTP API Command Injection (cisco-sa-ios-xe-cmd-inject-rPJM8BGL)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by authenticating to an affected system and performing an API call...

8.8 CVSS, 5.9 AI score, 0.00468 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2025/10/27 4:34 p.m., 11 views

CVE-2025-12275

Mail Configuration File Manipulation + Command Execution. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

10 CVSS, 7.1 AI score, 0.00454 EPSS
Exploits: 0, References: 1

GithubExploit
added 2025/10/27 3:59 p.m., 178 views

Exploit for Code Injection in Exiftool_Project Exiftool

CVE-2021-22204 vulnerability: exiftool arbitrary command execution. Usage: 1. exploit...

7.8 CVSS, 7.6 AI score, 0.99981 EPSS
Exploits: 39

Cvelist
added 2025/10/27 10:8 a.m., 13 views

CVE-2025-8432 CentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRON

Incorrect Default Permissions vulnerability in Centreon Infra Monitoring MBI modules allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server. This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15...

8.4 CVSS, 0.00337 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/10/27 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-10230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or...

10 CVSS, 6 AI score, 0.38991 EPSS
Exploits: 2, References: 2

EUVD
added 2025/10/26 6:30 p.m., 2 views

EUVD-2025-35947

Mail Configuration File Manipulation + Command Execution. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

10 CVSS, 6.6 AI score, 0.00454 EPSS
Exploits: 0, References: 2

OSSF Malicious Packages
added 2025/10/26 6:7 p.m., 4 views

Malicious code in gear-js-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 08293e303cb9ccb253d0503e6c9a51606f052ca75e735030f6985425728f7e69 The OpenSSF Package Analysis project identified 'gear-js-util' @ 1337.1.0 npm as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits: 0

OSV
added 2025/10/26 5:15 p.m., 2 views

CVE-2025-12275

Mail Configuration File Manipulation + Command Execution. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

9.8 CVSS, 5.8 AI score, 0.00454 EPSS
Exploits: 0, References: 1

NVD
added 2025/10/26 5:15 p.m., 3 views

CVE-2025-12275

Mail Configuration File Manipulation + Command Execution. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

10 CVSS, 0.00454 EPSS
Exploits: 0, References: 1