44856 matches found
CVE-2025-12275
The CVE-2025-12275 issue affects Azure Access Technology BLU-IC2 and BLU-IC4 (networked access controllers) up to and including version 1.19.5. The vulnerability stems from the mail configuration handling process, described as mail configuration file manipulation due to improper input validation,...
CVE-2025-12275 Mail Configuration File Manipulation + Command Execution
Mail Configuration File Manipulation + Command Execution. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
PT-2025-43752
Name of the Vulnerable Software and Affected Versions: BLU-IC2 versions through 1.19.5; BLU-IC4 versions through 1.19.5. Description: The software contains a flaw related to mail configuration file manipulation that can lead to command execution. The issue affects the handling of configuration files,...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Security Vulnerability
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Command Execution Vulnerability: A command execution vulnerability exists due to...
CLSA-2025-1761325294 Fix CVE(s): CVE-2021-23240, CVE-2023-42465, CVE-2025-32462
SECURITY UPDATE: privilege escalation via symlinks - debian/patches/CVE-2021-23240.patch: fix opportunity for local unprivileged user to gain file ownership via symlinks. SECURITY UPDATE: unauthorized commands execution on unintended hosts - debian/patches/CVE-2025-32462.patch: restrict user from...
OESA-2025-2510 samba security update
Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: A vulnerability has been found in Samba File Transfer Software (the affected version is unknown) and classified as critical. The CWE definition for the vulnerability is CWE-77. The product constructs all or...
OpenVPN Security Vulnerability
OpenVPN is a software package for creating encrypted tunnels for Virtual Private Networks (VPNs) from the US company OpenVPN, which uses the OpenSSL library to encrypt data and control information, and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...
CVE-2025-54964
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrary executables. If the Job Service is configured for local-only access, this may allow for privilege escalation in certain situations. If the Job Service is...
CVE-2025-58428
CVE-2025-58428 affects Veeder-Root TLS4B ATG system. The vulnerability stems from the SOAP-based interface being accessible through the web services handler, which enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. Reported impact incl...
CVE-2025-62713 Kottster app reinitialization can be re-triggered allowing command injection in development mode
Kottster is a self-hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only; production deployments were never affected. This issue has been...
Access Control Bypass
Overview: @kottster/cli is a CLI for Kottster. Affected versions of this package are vulnerable to Access Control Bypass via the initApp and installPackagesForDataSource actions. An attacker can gain unauthorized administrative access and execute arbitrary system commands by repeatedly triggering...
Access Control Bypass
Overview: @kottster/common provides common types and utilities for Kottster. Affected versions of this package are vulnerable to Access Control Bypass via the initApp and installPackagesForDataSource actions. An attacker can gain unauthorized administrative access and execute arbitrary system commands ...
Exploit for OS Command Injection in Tenda Ac15_Firmware
Tenda-Router-VR-and-Exploit...
MAL-2025-48948 Malicious code in haedal-vaults-sdk (npm)
Source: ossf-package-analysis 4cdc575f935d62b37b17082181381a8002b5784fedda1dfc854ef2f74f39edf6 The OpenSSF Package Analysis project identified 'haedal-vaults-sdk' @ 1.6.0 (npm) as malicious. It is considered malicious because: - The package...
CVE-2025-54964
CVE-2025-54964 affects BAE Systems SOCET GXP prior to 4.6.0.2. The issue arises when a user can interact with the GXP Job Service, enabling injection of arbitrary executables. If the Job Service is configured for local-only access, this may allow privilege escalation; if it is network-accessible,...
Security Updates for Microsoft Word Products C2R (October 2025)
The Microsoft Word products are missing security updates. They are, therefore, affected by multiple remote code execution vulnerabilities that attackers can exploit to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for these issues but has instead...
VulnCheck KEV: CVE-2022-1703
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS commands, which potentially leads to a remote command execution vulnerability or a denial of service (DoS) attack...
PT-2025-43551
Name of the Vulnerable Software and Affected Versions: Veeder-Root TLS4B ATG (affected versions not specified). Description: The TLS4B ATG system’s SOAP-based interface is susceptible to command injection due to its accessibility through the web services handler. This allows remote attackers...
Veeder-Root TLS4B Automatic Tank Gauge System Command Injection Vulnerability
Veeder-Root TLS4B Automatic Tank Gauge System is a security management system for gas stations, tank farms, or industrial storage tanks from Veeder-Root, Inc. The Veeder-Root TLS4B Automatic Tank Gauge System suffers from a command injection vulnerability that stems from the SOAP interface being...