44948 matches found
Planet WGR-500 Security Vulnerability
The Planet WGR-500 is a WiFi router from Planet in Taiwan, China. A security vulnerability exists in Planet WGR-500 v1.3411b190912, which stems from improper manipulation of the counts request parameter, which could lead to arbitrary command execution...
CVE-2025-62186
Anki (Ankitects) on Windows is affected by CVE-2025-62186: versions prior to 25.02.5 are vulnerable to arbitrary command execution when playing audio via a crafted shared deck due to URL scheme mishandling. The root cause is improper handling of URL schemes in the shared deck workflow. Affected p...
Planet WGR-500 Security Vulnerability
The Planet WGR-500 is a WiFi router from Planet in Taiwan, China. A security vulnerability exists in Planet WGR-500 v1.3411b190912, which stems from improper manipulation of the newdevicename request parameter, which could lead to arbitrary command execution...
PT-2025-41188
Name of the Vulnerable Software and Affected Versions: Anki versions prior to 25.02.5. Description: A specially crafted shared deck on Windows can lead to the execution of arbitrary commands when playing audio due to improper handling of URL schemes. Recommendations: Update to version 25.02.5 or late...
CVE-2025-62186
Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...
EUVD-2025-32878
Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling...
Ankitects Anki Security Vulnerability
Ankitects Anki is an open source program by the individual developers of Ankitects to help memorize information through the use of flash cards. A security vulnerability exists in Ankitects Anki versions prior to 25.02.5, which stems from improper handling of the URL scheme and could lead to the...
Planet WGR-500 Security Vulnerability
The Planet WGR-500 is a WiFi router from Planet in Taiwan, China. A security vulnerability exists in Planet WGR-500 v1.3411b190912, which stems from improper manipulation of the newpassword request parameter, which could lead to arbitrary command execution...
Planet WGR-500 swctrl OS command injection vulnerabilities
Talos Vulnerability Report TALOS-2025-2227. Planet WGR-500 swctrl OS command injection vulnerabilities. October 7, 2025. CVE Number: CVE-2025-54404, CVE-2025-54403. Summary: Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially...
CVE-2025-11298
A vulnerability was determined in Belkin F9K1015 1.00.10. Impacted is an unknown function of the file /goform/formSetWanStatic. Executing a manipulation of the argument mwanipaddr can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and m...
CVE-2025-36354
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input...
Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability
On September 18, 2025, Fortra published a security advisory regarding a critical deserialization vulnerability in GoAnywhere MFT's License Servlet, which is tracked as CVE-2025-10035 and has a CVSS score of 10.0. The vulnerability could allow a threat actor with a validly forged license response...
CVE-2025-36354 IBM Security Verify Access command execution
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input...
EUVD-2025-32574
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input...
Malicious code in @aviatrixdev/flight-suit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0dc9bc5d34874a3f8d1af5ce792a55535218bde1497f02e6e1d0e0f7264a25d6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Patch Now: Dell UnityVSA Flaw Allows Command Execution Without Login
WatchTowr finds a serious flaw in Dell UnityVSA CVE-2025-36604 letting attackers run commands without login. Dell issues patch 5.5.1 - update now...
Directory Traversal
Overview zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Directory Traversal via the load function in the PathMaterializer class during extraction of data.tar.gz archives. An attacker can overwrite arbitrary files, potentially leading to comma...
ZenML is vulnerable to Path Traversal through its `PathMaterializer` class
ZenML version 0.83.1 is affected by a path traversal vulnerability in the PathMaterializer class. The load function uses is_path_within_directory to validate files during data.tar.gz extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file...
EUVD-2025-32453
ZenML version 0.83.1 is affected by a path traversal vulnerability in the PathMaterializer class. The load function uses is_path_within_directory to validate files during data.tar.gz extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file...
CVE-2025-8406
ZenML version 0.83.1 is affected by a path traversal vulnerability in the PathMaterializer class. The load function uses is_path_within_directory to validate files during data.tar.gz extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file...