CVE-2018-25118 GeoVision Command Injection RCE via /PictureCatch.cgi
GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has...
CVE-2018-25118
CVE-2018-25118 Affected products (from provided docs): GeoVision GV-BX1500 and GV-MFD1501 IP cameras. The vulnerability is a remote command injection via the endpoint /PictureCatch.cgi that allows an attacker to execute arbitrary commands on the device. The vendor notes these models are end-of-li...
CVE-2025-31342
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file...
CVE-2025-31342
CVE-2025-31342 : Galaxy Software Services Corporation Vitals ESP Forum Module (versions through 1.3) has an unrestricted upload of a dangerous file type in the upload file function. Remote authenticated users can execute arbitrary system commands via a malicious file, due to lack of file-type val...
CVE-2025-31342 Galaxy Software Services Vitals ESP Forum Module - Unrestricted Upload of File with Dangerous Type
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file...
EUVD-2025-35042
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file...
CVE-2025-62577
ETERNUS SF by Fsas Technologies Inc. is affected by an incorrect default permissions (CWE-276) vulnerability. A low-privileged user with access to the management server may obtain database credentials and could potentially execute OS commands with administrator privileges. The issue is associate...
Reolink Video Doorbell WiFi DB_566128M5MP_W Security Vulnerability
Reolink Video Doorbell WiFi DB566128M5MPW is a visual doorbell from Reolink USA. A security vulnerability exists in Reolink Video Doorbell WiFi DB566128M5MPW, which originates from an unprotected UART serial console, and could allow a physically accessible attacker to execute arbitrary commands...
PT-2025-42751
Name of the Vulnerable Software and Affected Versions Galaxy Software Services Corporation Vitals ESP Forum Module versions through 1.3 Description An unrestricted upload of file with dangerous type flaw exists in the upload file function. This allows remote authenticated users to execute arbitra...
Exploit for CVE-2025-1094
🛠️ CVE-2025-1094 Lab Setup ⚠️ Disclaimer This lab i...
VulnCheck KEV: CVE-2023-41011
Command Execution vulnerability in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the shortcuttelnet.cg component...
MAL-2025-48461 Malicious code in @shopify.com/shopifyql-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a2bd69260e57b66e60b0e7aa07aab1d645f5cb9c42f30ce261b119e51f92ffb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the Management and Monitoring REST API when processing GET requests. An attacker can execute arbitrary commands on the target system by tricking an authenticated user into submitting malicious request...
MAL-2025-48459 Malicious code in iwf-ant-design-draggable-modal (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b9b3eeea0f26e99c27bbddc1d9e0940e5787aed77004f10d056d9fb1ded4dd8f Any computer that has this package installed or running should be considered...
Malicious code in src_dev-tool_index_ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a6c5f130294b305df1adf1e497c66d81ec09ddeffb8bb6d0c486644336706558 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in src_plugin_index_ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 396cc58d08775057aef35e59ad51a28c7379449f6f00332d193138ff8b9de09a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mediapipe (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57f014791ef493e45eb5be6a2972ae2da1ea71d89b02ad886242a01dd616626d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-34513
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbusbuildfromcsv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...
CVE-2023-28815
Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system. iSecure Center is software released for China's domest...
CVE-2025-11900 HGiga|iSherlock - OS Command Injection
The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server...