Lucene search

44800 matches found

CNNVD
added 2025/12/31 12:0 a.m. | 2 views

RAGFlow Security Vulnerability

RAGFlow is an open-source RAG engine from InfiniFlow, based on deep document understanding. A security vulnerability exists in RAGFlow versions prior to 0.23.0, which stems from the front-end Canvas CodeExec component using eval to parse untrusted data without filtering or sandboxing,...

CVSS 9.4 | AI score 5.9 | EPSS 0.00122
Exploits: 1 | References: 2
VulnCheck KEV
added 2025/12/31 12:0 a.m. | 49 views

VulnCheck KEV: CVE-2015-10145

Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/runcommands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary she...

CVSS 8.8 | AI score 6.3 | EPSS 0.00165
In wild | Exploits: 1 | References: 5
Positive Technologies
added 2025/12/31 12:0 a.m. | 4 views

PT-2025-54459

Name of the Vulnerable Software and Affected Versions RAGFlow versions prior to 0.23.0 Description RAGFlow is a Retrieval-Augmented Generation engine susceptible to arbitrary system command execution. A low-privileged authenticated user can execute commands on the server host process through the...

CVSS 9.4 | AI score 7.3 | EPSS 0.00122
Exploits: 1 | References: 8
OSV
added 2025/12/30 11:15 p.m. | 1 view

CVE-2022-50691

MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system...

CVSS 9.3 | AI score 6.1 | EPSS 0.00543
Exploits: 3 | References: 3
NVD
added 2025/12/30 11:15 p.m. | 3 views

CVE-2022-50691

MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system...

CVSS 9.8 | EPSS 0.00543
Exploits: 3 | References: 3
CVE
added 2025/12/30 10:41 p.m. | 9 views

CVE-2022-50691

CVE-2022-50691 affects MiniDVBLinux 5.4. The flaw is a Remote Command Execution via the GET parameter named command on the /tpl/commands.sh endpoint, allowing unauthenticated attackers to execute arbitrary commands with root privileges. Exploitation details in connected sources confirm network-ex...

CVSS 9.8 | AI score 8 | EPSS 0.00543
Exploits: 3 | References: 3 | Affected Software: 1
NVD
added 2025/12/30 5:15 p.m. | 2 views

CVE-2025-66848

JD Cloud NAS routers AX1800 4.3.1.r4308 and earlier, AX3000 4.3.1.r4318 and earlier, AX6600 4.5.1.r4533 and earlier, BE6500 4.4.1.r4308 and earlier, ER1 4.5.1.r4518 and earlier, and ER2 4.5.1.r4518 and earlier contain an unauthorized remote command execution vulnerability...

CVSS 9.8 | EPSS 0.00358
Exploits: 0 | References: 3
CNNVD
added 2025/12/30 12:0 a.m. | 2 views

MiniDVBLinux Security Vulnerability

MiniDVBLinux is a multimedia center software from the German company MiniDVBLinux. A security vulnerability exists in MiniDVBLinux version 5.4, which originates from a command GET parameter that allows an unauthenticated attacker to execute arbitrary commands, potentially resulting in remote...

CVSS 9.8 | AI score 7.7 | EPSS 0.00543
Exploits: 3 | References: 3
CNNVD
added 2025/12/30 12:0 a.m. | 1 view

Ateme Flamingo XL Security Vulnerability

Ateme Flamingo XL is an application from Ateme, Inc. A security vulnerability exists in Ateme Flamingo XL version 3.2.9, which stems from a restricted shell escape and could lead to the execution of arbitrary commands...

CVSS 10 | AI score 7 | EPSS 0.00077
Exploits: 2 | References: 4
CVE
added 2025/12/30 12:0 a.m. | 17 views

CVE-2025-66848

CVE-2025-66848 affects JD Cloud NAS routers: AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r4308 and earlier), ER1 (4.5.1.r4518 and earlier), and ER2 (4.5.1.r4518 and earlier). The vulnerability is an unauthorized remote comman...

CVSS 9.8 | AI score 7 | EPSS 0.00358
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2025/12/30 12:0 a.m. | 4 views

PT-2025-54241

Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and earlier Description The software contains an authenticated command injection issue in the www-data-handler.php script. Attackers can inject system commands through the services POST parameter...

CVSS 8.8 | AI score 7.8 | EPSS 0.00746
Exploits: 2 | References: 8
CNVD
added 2025/12/30 12:0 a.m. | 2 views

Command Execution Vulnerability in RG-EST350 V2 of Beijing StarNet Ruijie Network Technology Co.

Ruijie EST350-V2 is a wireless outdoor bridge product supporting 802.11ac protocol, which is designed for the business of video transmission or data transmission in the scenarios of tower crane, factory, scenic spot, park, planting base, fishpond aquaculture base, construction site, etc. Ruijie...

AI score 6
Exploits: 0
OSV
added 2025/12/29 3:51 p.m. | 4 views

CVE-2025-69201 Tugtainer has RCE in Agent Command Execution Api

Tugtainer is a self-hosted app for automating updates of docker containers. In versions prior to 1.15.1, arbitrary arguments can be injected in tugtainer-agent POST api/command/run. Version 1.15.1 fixes the issue...

CVSS 9.3 | AI score 6.6 | EPSS 0.00054
Exploits: 0 | References: 6
Vulnrichment
added 2025/12/29 3:51 p.m. | 1 view

CVE-2025-69201 Tugtainer has RCE in Agent Command Execution Api

Tugtainer is a self-hosted app for automating updates of docker containers. In versions prior to 1.15.1, arbitrary arguments can be injected in tugtainer-agent POST api/command/run. Version 1.15.1 fixes the issue...

CVSS 9.3 | AI score 6.3 | EPSS 0.00054
Exploits: 0 | References: 4
GithubExploit
added 2025/12/28 6:40 p.m. | 208 views

Exploit for Code Injection in Xwiki

CVE-2025-24893 – XWiki Remote Command Execution Proof of Conc...

CVSS 9.8 | AI score 8.2 | EPSS 0.9366
Exploits: 49
OSV
added 2025/12/28 3:5 p.m. | 5 views

MAL-2025-192954 Malicious code in api-umbrella-admin-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f5afbcc650f7845d47544c5033aba92c5a2ab80d2e0d27e99437ef31cc6c249 The package api-umbrella-admin-ui was found to contain malicious code. Source: ghsa-malware...

AI score 7
Exploits: 0 | References: 1
OSV
added 2025/12/28 1:44 a.m. | 3 views

MAL-2025-192953 Malicious code in aiogram-types-v3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f6ba04e944f1dfda1aaa2d571fa79cd8ce4074a106bae228e582473226810baf During installation or importing the module, the package starts a reverse shell to hardcoded location --- Category: MALICIOUS - The campaign has clearly...

AI score 7.6
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2025/12/27 5:21 p.m. | 6 views

Malicious code in ugc-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ffd0991cb1cc7098930838b404210022aa2667d78f2884417f449d85e90fb12 The package ugc-kit was found to contain malicious code. Source: ghsa-malware 4e44ecda4e96910709480e50046146e482992e36fb2e8429211e1f653376d123 Any...

AI score 7
Exploits: 0 | References: 1
GithubExploit
added 2025/12/27 1:31 p.m. | 194 views

Exploit for Command Injection in Fit2Cloud 1Panel

CVE-2025-54424 CVE-2025-54424: 1Panel client vulnerability in...

CVSS 9.8 | AI score 6 | EPSS 0.01193
Exploits: 5
GithubExploit
added 2025/12/26 11:33 p.m. | 153 views

Exploit for Deserialization of Untrusted Data in Facebook React

⚡ react2shellpoc 🚨 Educational Proof of Concept – Handle...

CVSS 10 | AI score 7.5 | EPSS 0.82011
Exploits: 365