44856 matches found
CVE-2024-58274
Hikvision CSMP Comprehensive Security Management Platform iSecure Center through 2024-08-01 allows execution of a command within $ in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025...
CVE-2025-6542
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...
CVE-2025-6541
An arbitrary OS command may be executed on the product by the user who can log in to the web management interface...
VulnCheck KEV: CVE-2025-6264
Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch...
EUVD-2024-55040
Hikvision CSMP Comprehensive Security Management Platform iSecure Center through 2024-08-01 allows execution of a command within $ in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025...
VulnCheck KEV: CVE-2016-15048
AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...
CVE-2024-58274
CVE-2024-58274 affects Hikvision CSMP iSecure Center (through 2024-08-01). Affected component is the JSON data handling in /center/api/installation/detection, where unverified use of the $() command can lead to arbitrary command execution. Documents indicate exploitation in the wild during 2024 a...
VulnCheck KEV: CVE-2024-58274
Hikvision CSMP Comprehensive Security Management Platform iSecure Center through 2024-08-01 allows execution of a command within $ in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025...
Malicious code in test-all1 (npm)
Source: ossf-package-analysis b9b13c552c50461f4b3a7a423bf9fc79e3a5ea1c36d107ecd7536223789616aa. The OpenSSF Package Analysis project identified 'test-all1' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
CVE-2025-7850
CVE-2025-7850 is an authenticated OS command injection affecting TP-Link Omada gateway devices. The TP-Link/THN coverage describes exploitation via the WireGuard VPN settings where improper sanitization enables arbitrary OS commands (root) after admin authentication, with two other Omada flaws pa...
CVE-2025-6542 OS command injection in multiple parameters
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...
EUVD-2025-35118
An arbitrary OS command may be executed on the product by the user who can log in to the web management interface...
CVE-2025-6541
CVE-2025-6541 affects TP-Link Omada gateway devices. The flaw allows command injection in the device OS via the web management interface, exploitable by an authenticated user to run arbitrary commands. Impact is high per CVSS. TP-Link issued firmware updates addressing this and similar flaws; use...
ZenML Input Validation Error Vulnerability
ZenML is an extensible open source MLOps framework from ZenML Open Source for creating portable, production-ready machine learning pipelines. An input validation error vulnerability exists in ZenML version 0.83.1, which stems from the failure of the PathMaterializer class to effectively detect...
ZOHO ManageEngine ADManager Plus Security Vulnerability
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
PT-2025-42823
Name of the Vulnerable Software and Affected Versions: TP-Link Omada Gateway (affected versions not specified). Description: An arbitrary OS command may be executed by a remote attacker. An unauthenticated attacker can potentially execute commands on the system. The issue allows for remote command...
CVE-2018-25118 GeoVision Command Injection RCE via /PictureCatch.cgi
GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has...
CVE-2018-25118
CVE-2018-25118 Affected products (from provided docs): GeoVision GV-BX1500 and GV-MFD1501 IP cameras. The vulnerability is a remote command injection via the endpoint /PictureCatch.cgi that allows an attacker to execute arbitrary commands on the device. The vendor notes these models are end-of-li...