EUVD-2024-44111

Malicious code in bioql PyPI...

CVE-2025-10443 Tenda AC9/AC15 exeCommand formexeCommand buffer overflow

A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly...

PT-2025-35536

Name of the Vulnerable Software and Affected Versions: Tenda CH22 version 1.0.0.1 Description: A buffer overflow issue exists in the formexeCommand function of the /goform/exeCommand file. Manipulation of the cmdinput argument can lead to a buffer overflow, potentially allowing for remote...

CVE-2025-54377

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, RooCode does not validate line breaks \n in its command input, allowing potential bypass of the allow-list mechanism. The project appears to lack parsing or validation logic to prevent...

CVE-2025-46117

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script .apdebug.sh invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to...

CVE-2025-6170

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare...

CVE-2025-6170

CVE-2025-6170 affects libxml2’s xmllint interactive shell. A stack-based buffer overflow in the command-parsing logic can cause crashes and, in rare configurations, may allow code execution. Related connected documents show patches/updates across distributions: Debian LTS advisory and Debian secu...

(0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command frames received by the MCU. When parsing...

PT-2025-25568

Name of the Vulnerable Software and Affected Versions xmllint affected versions not specified Description A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size...

CVE-2020-26071

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service DoS condition. The vulnerability is due to insufficient input validation for specific commands. ...

Cisco ATA 190 操作系统命令注入漏洞

The Cisco ATA 190 is an analog phone adapter from Cisco USA. The Cisco ATA 190 suffers from an operating system command injection vulnerability that arises from improperly cleaned CLI input. An authenticated, local attacker with elevated privileges could use this vulnerability to execute arbitrar...

Tenda O3 安全漏洞

Tenda O3 is an outdoor wireless bridge from Tenda, China. A security vulnerability exists in Tenda O3, which stems from the manipulation of the parameter cmdinput in the function formexeCommand can lead to a stack-based buffer overflow, which could allow remote launch of an attack. No detailed...

CVE-2024-4491

A vulnerability classified as critical was found in Tenda i21 1.0.0.144656. This vulnerability affects the function formGetDiagnoseInfo. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the publ...

WiFi Mouse 1.8.3.2 - Remote Code Execution Exploit

Exploit Title: WiFi Mouse 1.8.3.2 - Remote Code Execution RCE Author: Payal Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.8.3.2 Tested on: Windows 10 Pro Build 21H2 Desktop Server software used by mobile app has PIN option which does not to prevent...

PT-2023-2504 · Cisco · Cisco Access Point

Name of the Vulnerable Software and Affected Versions: Cisco access point AP software affected versions not specified Description: A vulnerability in the management CLI of Cisco access point software could allow an authenticated, local attacker to cause a denial of service DoS condition on an...

PT-2023-19792 · Nethack +1 · Nethack +1

Name of the Vulnerable Software and Affected Versions: NetHack versions 3.6.2 through 3.6.6 Description: The issue arises from illegal input to the "C" call command, which can cause a buffer overflow and crash the NetHack process. This may pose a security risk for systems with NetHack installed...

PT-2023-10600 · Insteon · Insteon Hub

Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: The issue concerns a buffer overflow vulnerability in the PubNub message handler for the "cc" channel. It can be triggered by sending specially crafted commands through the PubNub service, causing a...

WiFi Mouse 1.7.8.5 - Remote Code Execution Exploit (2)

Exploit Title: WiFi Mouse 1.7.8.5 - Remote Code Execution Author: H4rk3nz0 Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.7.8.5 Tested on: Windows Enterprise Build 17763 ​ Python 3 port done by RedHatAugust Original exploit:...

CVE-2021-42376

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input...

CVE-2021-42375

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input...