45044 matches found
CVE-2025-34184 Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauthenticated Code Injection
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...
Wavlink WL-WN578W2 sub_401340 function command injection vulnerability
The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter ipaddr in the sub401340 function of the file /cgi-bin/login.cgi that fails to correctly filter the constructor...
Wavlink WL-WN578W2 sub_409184 Command Injection Vulnerability
The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter selEncrypTyp of the function sub409184 in the file /wizardrep.shtml that fails to correctly filter the constructor...
Hewlett Packard Enterprise EdgeConnect SD-WAN 安全漏洞
Hewlett Packard Enterprise EdgeConnect SD-WAN is Hewlett Packard Enterprise's secure network foundation for Zero Trust and SASE. It includes best-in-class SD-WAN and next-generation firewalls that deliver unrivaled quality of experience and advanced security. A security vulnerability exists in...
HPE Aruba Networking EdgeConnect SD-WAN Gateways 安全漏洞
HPE Aruba Networking EdgeConnect SD-WAN Gateways is an edge gateway appliance from HPE America. A security vulnerability exists in HPE Aruba Networking EdgeConnect SD-WAN Gateways, which stems from flaws in the encryption logic that could lead to the execution of arbitrary commands by an...
PT-2025-38086
Name of the Vulnerable Software and Affected Versions: HPE Aruba Networking EdgeConnect SD-WAN Gateways affected versions not specified Description: A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run...
CVE-2025-58046 Dataease has a JDBC attack vulnerability in the Impala datasource
Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...
CVE-2025-52053
TOTOLINK X6000R V9.4.0cu.1360B20241207 was found to contain a command injection vulnerability in the sub417D74 function via the filename parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request...
Security update for pcp
This update for pcp fixes the following issues: CVE-2024-3019: exposure of the redis server backend allows remote command execution via pmproxy bsc1222121. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2025:03233-1 Security update for pcp
This update for pcp fixes the following issues: - CVE-2024-3019: exposure of the redis server backend allows remote command execution via pmproxy bsc1222121...
CVE-2025-10359
A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor wa...
DataEase 安全漏洞
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in Dataease version 2.10.12 and earlier, which...
TOTOLINK X6000R 安全漏洞
TOTOLINK X6000R is a wireless router supporting Wi-Fi 6 technology from China's Gion Electronics TOTOLINK, focusing on high concurrent connections and dual-band transmission capabilities. The TOTOLINK X6000R suffers from a command injection vulnerability that stems from the failure to properly...
ysoserial
This is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, called ysoserial, is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Jav...
nishang
This repository is an offensive tool for Windows systems. It contains a collection of PowerShell scripts that can be used to exploit various vulnerabilities and gain unauthorized access to a system. The scripts are designed to be used by attackers to gain a foothold on a system and then escalate...
D-Link DIR-823X 命令注入漏洞
The D-Link DIR-823X is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-823x 250416 and prior versions, which stems from the failure to properly filter constructed command special characters, commands, etc. in the parameter targetaddr in the fi...
CVE-2025-59053
AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the packages/stage-ui/src/components/MarkdownRenderer.vue path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is rendered directly into the DOM using v-html. An...
MAL-2025-47101 Malicious code in quick-navigation-interface (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 293f1ac2032d67eaf1bdca4962d876dc2f82271c474d5fbf4f3a6d2d50b71d63 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ysoserial
This is a Java-based proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, named ysoserial, is designed to create gadgets that can be used to execute arbitrary commands on a vulnerable application. The gadgets are created by wrapping a...
CVE-2025-10358 Wavlink WL-WN578W2 wireless.cgi sub_404850 os command injection
A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly...