CVE-2025-28039
TOTOLINK EX1200T V4.1.2cu.5232B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter...
Command Execution Vulnerability in UFIDA U8Cloud at UFIDA Network Technology Co.
UFIDA U8Cloud is an enterprise-level ERP used to assist companies in achieving efficient and digitalized business collaboration and process management. A command execution vulnerability exists in UFIDA U8Cloud, which can be exploited by an attacker to execute arbitrary commands...
BIT-PYTORCH-2025-32434 PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with...
Command Execution Vulnerability in NX15000 of Xinhua San Technologies Co.
The NX15000 is a high-end router. A command execution vulnerability exists in the NX15000 of Xinhua San Technologies Limited, which can be exploited by an attacker to execute arbitrary commands...
NETGEAR WNR854T addmap_exec function command execution vulnerability
The NETGEAR WNR854T is a wireless router from NETGEAR. A command execution vulnerability exists in the NETGEAR WNR854T version 1.5.2, which stems from the addmap_exec function failing to properly filter special characters and commands used to construct a command. An attacker can exploit this...
CVE-2024-53304
An issue in LRQA Nettitude PoshC2 after commit 09ee2cf allows unauthenticated attackers to connect to the C2 server and execute arbitrary commands via posing as an infected machine...
Command Execution Vulnerability in the Management Server of Guangdong Paulan Electronics Co.
Guangdong Paulan Electronics Co., Ltd. is a high-tech enterprise integrating R&D, design, production, sales and service of audio-visual system overall solution products. There is a command execution vulnerability in the itc center management server of Guangdong Paulan Electronics Co., Ltd., which can be exploited by attackers to...
Command Execution Vulnerability in e-cology of Shanghai Panmicro Network Technology Co. Ltd (CNVD-2025-07886)
e-cology is an enterprise-level collaborative office automation system that provides comprehensive informatization solutions mainly for medium and large enterprises. It is characterized by intelligence, platform and full digitalization, aiming to improve the efficiency and management level of the...
CVE-2025-26003
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest...
A vulnerability in the sub_410C80() function in the cstecgi.cgi script of the TOTOLINK X18 router’s firmware allows an attacker to execute arbitrary commands.
The vulnerability in the sub_410C80 function in the cstecgi.cgi script of the TOTOLINK X18 router’s firmware is caused by a lack of data sanitization at the control level when processing the mtkhnatEnable parameter. Exploiting this vulnerability allows an attacker to execute...
CVE-2024-7764 SQL Injection in vanna-ai/vanna
Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. The vulnerability occurs when the generate_sql function calls extract_sql with the LLM response. An attacker can include a semi-colon between a search data fie...
CVE-2025-30076
Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter...
CVE-2025-30076
Koha vulnerability CVE-2025-30076: affects Koha prior to 24.11.02, where admins can execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter. Root cause is unvalidated shell input allowing command execution. Impact is authenticated admin access leading to pot...
CVE-2024-54018
Multiple improper neutralization of special elements used in an OS Command vulnerabilities (CWE-78) in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests...
CVE-2025-22368
The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS...
Command Execution Vulnerability in the Management Panel of Car Park Server of Xiamen KTO Communication Technology Co.
Xiamen KTO Communication Technology Co., Ltd. is a professional smart parking solution provider, focusing on the smart parking industry for many years. A command execution vulnerability exists in the management panel of the car park server of Xiamen KTO Communication Technology Co., Ltd., which can...
Exploit for Code Injection in Rejetto Http_File_Server
This is a PoC exploit for CVE-2024-23692, a remote code executio...
CVE-2025-27146 Matrix IRC Bridge allows IRC command injection to own puppeted user
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability h...
CVE-2025-21105
Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down t...