44860 matches found

Cvelist
added 2025/10/14 4:54 p.m., 7 views

CVE-2025-37133 Authenticated Command Injection Vulnerability in AOS-8 Controller/Mobility Conductor Web-Based Management Interface via the CLI Binary

An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system...

CVSS: 7.2, EPSS: 0.01274, Exploits: 0, References: 1

Cvelist
added 2025/10/14 4:42 p.m., 8 views

CVE-2025-37146 Unauthorized Filesystem Operations in System Firmware allow Authenticated Remote Code Execution

A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

CVSS: 7.2, EPSS: 0.00811, Exploits: 0, References: 1

Vulnrichment
added 2025/10/14 4:42 p.m., 2 views

CVE-2025-37146 Unauthorized Filesystem Operations in System Firmware allow Authenticated Remote Code Execution

A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

CVSS: 7.2, AI score: 7.4, EPSS: 0.00811, Exploits: 0, References: 1

NVD
added 2025/10/14 4:15 p.m., 7 views

CVE-2025-58325

An Incorrect Provision of Specified Functionality vulnerability (CWE-684) in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands...

CVSS: 8.2, EPSS: 0.00282, Exploits: 0, References: 1

CVE
added 2025/10/14 3:22 p.m., 17 views

CVE-2025-58325

CVE-2025-58325 describes an issue in FortiOS where a local, authenticated attacker can execute system commands via crafted CLI commands. Affected firmware includes FortiOS 7.6.0 and 7.4.0–7.4.5, 7.2.5–7.2.10, 7.0.0–7.0.15, and all 6.4 versions. The vulnerability is categorized as CWE-684 (Incorre...

CVSS: 8.2, AI score: 6.6, EPSS: 0.00282, Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2025/10/14 3:22 p.m., 4 views

CVE-2025-58325

An Incorrect Provision of Specified Functionality vulnerability (CWE-684) in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands...

CVSS: 8.2, EPSS: 0.00282, Exploits: 0, References: 1

Vulnrichment
added 2025/10/14 3:22 p.m., 2 views

CVE-2025-58325

An Incorrect Provision of Specified Functionality vulnerability (CWE-684) in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands...

CVSS: 8.2, AI score: 6.6, EPSS: 0.00282, Exploits: 0, References: 1

RedhatCVE
added 2025/10/14 1:51 p.m., 4 views

CVE-2025-37729

Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated...

CVSS: 9.1, AI score: 6.7, EPSS: 0.00565, Exploits: 0, References: 1

Veracode
added 2025/10/14 8:58 a.m., 5 views

Directory Traversal

bbot is vulnerable to Directory Traversal. The vulnerability is due to gitdumper processing content from remote git repositories without proper sanitization, which allows an attacker to supply a malicious repository that triggers execution of arbitrary commands...

CVSS: 9.6, AI score: 7.3, EPSS: 0.00437, Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2025/10/14 8:54 a.m., 5 views

CVE-2025-46581 ZTE ZXCDN product has a Struts RCE Vulnerability

ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An unauthenticated attacker can remotely execute commands with non-root privileges...

CVSS: 9.8, EPSS: 0.00731, Exploits: 0, References: 1

Vulnrichment
added 2025/10/14 8:54 a.m., 4 views

CVE-2025-46581 ZTE ZXCDN product has a Struts RCE Vulnerability

ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An unauthenticated attacker can remotely execute commands with non-root privileges...

CVSS: 9.8, AI score: 8.2, EPSS: 0.00731, Exploits: 0, References: 1

Positive Technologies
added 2025/10/14 12:0 a.m., 4 views

PT-2025-41990

Name of the Vulnerable Software and Affected Versions: network access point configuration services (affected versions not specified). Description: A flaw exists in the web-based management interface of network access point configuration services that could allow a remote attacker with authentication t...

CVSS: 7.2, AI score: 7.2, EPSS: 0.00811, Exploits: 0, References: 3

CNNVD
added 2025/10/14 12:0 a.m., 2 views

Hewlett Packard Enterprise ArubaOS Security Vulnerability

Hewlett Packard Enterprise ArubaOS (HPE ArubaOS) is a networked wireless operating system from Hewlett Packard Enterprise USA. A security vulnerability exists in Hewlett Packard Enterprise ArubaOS (HPE ArubaOS) that stems from a command injection vulnerability in the command line interface, which cou...

CVSS: 6.2, AI score: 7.7, EPSS: 0.00687, Exploits: 0, References: 2

CNNVD
added 2025/10/14 12:0 a.m., 3 views

Centreon Security Vulnerability

Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon suffers from a command injection vulnerability that stems from the application's failure to...

CVSS: 7.2, AI score: 7.4, EPSS: 0.13843, Exploits: 2, References: 4

CNNVD
added 2025/10/14 12:0 a.m., 3 views

Windsurf Security Vulnerability

Windsurf is an AI programming software from Windsurf. A security vulnerability exists in Windsurf version 1.10.7, which stems from the possibility of creating filenames appended to user prompts when using the SWE-1 model in Write mode, causing Windsurf to execute its commands...

CVSS: 4.6, AI score: 7, EPSS: 0.00174, Exploits: 0, References: 2

Positive Technologies
added 2025/10/14 12:0 a.m., 3 views

PT-2025-41976

Name of the Vulnerable Software and Affected Versions: AOS-10 GW (affected versions not specified); AOS-8 Controller/Mobility Conductor (affected versions not specified). Description: An arbitrary file write issue exists in the web-based management interface. Successful exploitation could allow an...

CVSS: 7.2, AI score: 7, EPSS: 0.00501, Exploits: 0, References: 3

CISA KEV Catalog
added 2025/10/14 12:0 a.m., 13 views

Rapid7 Velociraptor Incorrect Default Permissions Vulnerability

Rapid7 Velociraptor contains an incorrect default permissions vulnerability that can lead to arbitrary command execution and endpoint takeover. To successfully exploit this vulnerability the user must already have access to collect artifacts from the endpoint...

CVSS: 5.5, AI score: 7.3, Exploits: 0

Positive Technologies
added 2025/10/14 12:0 a.m., 7 views

PT-2025-42181

Name of the Vulnerable Software and Affected Versions: FreePBX Endpoint Manager versions prior to 16.0.92; FreePBX Endpoint Manager versions prior to 17.0.6. Description: The software includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery...

CVSS: 8.6, AI score: 6.8, EPSS: 0.00649, Exploits: 0, References: 4

CNNVD
added 2025/10/14 12:0 a.m., 3 views

HPE Aruba Networking EdgeConnect OS Security Vulnerability

HPE Aruba Networking EdgeConnect OS is an operating system from HPE America. A security vulnerability exists in HPE Aruba Networking EdgeConnect OS that stems from an arbitrary file write vulnerability in the web-based management interface, which could lead to the upload of arbitrary files and...

CVSS: 7.2, AI score: 7.1, EPSS: 0.00501, Exploits: 0, References: 2

EUVD
added 2025/10/13 3:31 p.m., 6 views

EUVD-2025-34069

Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated...

CVSS: 9.1, AI score: 6.2, EPSS: 0.00565, Exploits: 0, References: 2