
44800 matches found

RedhatCVE
added 2026/01/09 8:32 a.m. | 7 views

CVE-2024-39798

Multiple external config control vulnerabilities exist in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

CVSS 9.1 | AI score 7.4 | EPSS 0.00479
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 8:32 a.m. | 2 views

CVE-2024-39602

An external config control vulnerability exists in the nas.cgi setnas functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 9.1 | AI score 7 | EPSS 0.00549
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 8:32 a.m. | 5 views

CVE-2024-39800

Multiple external config control vulnerabilities exist in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

CVSS 9.1 | AI score 7.4 | EPSS 0.00479
Exploits: 1 | References: 1
CNNVD
added 2026/01/09 12:00 a.m. | 5 views

KAON CG3000TC and KAON CG3000T Trust Management Issue Vulnerability

The KAON CG3000TC and KAON CG3000T are both high-performance wireless gateways from KAON Japan. The KAON CG3000TC and KAON CG3000T suffer from a trust management issue vulnerability that stems from firmware containing hard-coded plaintext credentials, which could allow an unauthenticated, remote...

CVSS 9.3 | AI score 7.3 | EPSS 0.00052
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/09 12:00 a.m. | 1 view

PT-2026-1952

Name of the Vulnerable Software and Affected Versions: Ruckus vRIoT IoT Controller versions prior to 3.0.0.0 GA. Description: The Ruckus vRIoT IoT Controller firmware exposes a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcod...

CVSS 10 | AI score 7.8 | EPSS 0.00034
Exploits: 0 | References: 6
Positive Technologies
added 2026/01/09 12:00 a.m. | 5 views

PT-2026-2237

CVE-2026-22634 - Apache HTTP Server Unauthenticated Remote Command Execution CVE ID : CVE-2026-22634 Published : Jan. 9, 2026, 4:15 a.m. | 2 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products,...

AI score 7.1
Exploits: 0 | References: 1
CNNVD
added 2026/01/09 12:00 a.m. | 2 views

Zenitel ICX500 and Zenitel ICX510 Security Vulnerability

The Zenitel ICX500 and Zenitel ICX510 are both communication and control platforms from Zenitel Norway. A security vulnerability exists in the Zenitel ICX500 and Zenitel ICX510 that can be exploited by an authenticated attacker to execute commands via the device hostname...

CVSS 10 | AI score 7 | EPSS 0.00074
Exploits: 0 | References: 1
OSV
added 2026/01/08 3:07 p.m. | 0 views

SUSE-SU-2026:20041-1 Security update for bluez

This update for bluez fixes the following issues: - CVE-2023-45866: keystroke injection and arbitrary command execution via HID device connections bsc1217877...

CVSS 6.3 | AI score 6.1 | EPSS 0.35977
Exploits: 7 | References: 3
OSV
added 2026/01/08 2:55 p.m. | 2 views

MAL-2026-167 Malicious code in icon-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c036555d918021fafe661296499aab549fac428c2b9cefb72670f63914dfa974 The package icon-service was found to contain malicious code. Source: ossf-package-analysis...

AI score 7
Exploits: 0
NVD
added 2026/01/08 12:15 a.m. | 4 views

CVE-2017-20216

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem functi...

CVSS 9.8 | EPSS 0.00458
Exploits: 1 | References: 5
Tenable Nessus
added 2026/01/08 12:00 a.m. | 5 views

N8n < 2.0.0 Multiple Vulnerabilities

According to its banner, the version of n8n running on the remote host is 1.0.0 or later and before 2.0.0. It is, therefore, affected by multiple vulnerabilities: - An authenticated arbitrary file read and file write vulnerability - An authenticated arbitrary command execution vulnerability in...

CVSS 9.9 | AI score 7.7 | EPSS 0.00035
Exploits: 4 | References: 5
CNNVD
added 2026/01/08 12:00 a.m. | 2 views

KAYSUS KS-WR3600 Security Vulnerability

The KAYSUS KS-WR3600 is a wireless router from the Chinese company KAYSUS. A security vulnerability exists in the KAYSUS KS-WR3600, which stems from the SSH service being enabled by default and the root account not having a password, which could lead to arbitrary command execution...

CVSS 8.4 | AI score 7.1 | EPSS 0.00006
Exploits: 0 | References: 3
CNNVD
added 2026/01/08 12:00 a.m. | 3 views

D-Link DIR-605L Security Vulnerability

The D-Link DIR-605L is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-605L that stems from improper access control of the serial interface, which could lead to an arbitrary command execution attack...

CVSS 6.8 | AI score 7.1 | EPSS 0.00037
Exploits: 1 | References: 4
CNNVD
added 2026/01/08 12:00 a.m. | 2 views

GL-Inet GL-AXT1800 Security Vulnerability

The GL-Inet GL-AXT1800 is a WiFi6 wireless router from GL-Inet China. A security vulnerability exists in the GL-Inet GL-AXT1800 v4.6.8, which stems from improper sanitization of input to the plugins.installpackage RPC method, which could lead to the execution of arbitrary commands...

CVSS 8.1 | AI score 6.9 | EPSS 0.00246
Exploits: 1 | References: 2
Cvelist
added 2026/01/07 11:10 p.m. | 29 views

CVE-2019-25289 INIM Electronics SmartLiving SmartLAN/G/SI <=6.x Remote Command Execution

SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system function call to execute arbitrary system commands with root...

CVSS 8.8 | EPSS 0.0024
Exploits: 0 | References: 6
CVE
added 2026/01/07 11:09 p.m. | 12 views

CVE-2017-20216

CVE-2017-20216 concerns FLIR Thermal Camera PT-Series firmware 8.0.0.64, where multiple unauthenticated remote command injection vulnerabilities exist in the controllerFlirSystem.php script. The root cause is unsanitized POST parameters in the execFlirSystem() function leading to shell_exec() cal...

CVSS 9.8 | AI score 8.1 | EPSS 0.00458
In wild | Exploits: 1 | References: 5
OSV
added 2026/01/07 6:30 p.m. | 1 view

GHSA-H4RF-624J-GJ33 terminal-controller-mcp vulnerable to Command Injection

A command injection vulnerability in the executecommand function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...

CVSS 10 | AI score 8.1 | EPSS 0.00594
Exploits: 1 | References: 4
RedhatCVE
added 2026/01/07 9:52 a.m. | 5 views

CVE-2013-6027

Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/toolsmisc.xgi...

CVSS 8.5 | AI score 8.1 | EPSS 0.02932
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/07 9:50 a.m. | 8 views

CVE-2013-6349

McAfee Email Gateway MEG 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors...

CVSS 8.5 | AI score 7.6 | EPSS 0.00722
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/07 9:49 a.m. | 9 views

CVE-2022-27945

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands such as telnetd via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi...

CVSS 9 | AI score 7.7 | EPSS 0.04995
Exploits: 1 | References: 1