SQLite sqldiff 安全漏洞

SQLite sqldiff is an open-source SQLite database difference comparison tool developed by SQLite. SQLite sqldiff has a security vulnerability, which stems from the improper handling of Unicode characters during the conversion to ANSI code pages at the Windows C runtime. Attackers can load arbitrar...

Neterbit NW-431F Router 安全漏洞

The Neterbit NW-431F Router is a 4G LTE wireless router produced by the Neterbit company. The Neterbit NW-431F Router, version NW-431F-20241014-IR03, has a security vulnerability. This vulnerability stems from command injection in the atcommand.asp interface, which may allow remote attackers to...

Neterbit NW-431F Router 安全漏洞

The Neterbit NW-431F Router is a 4G LTE wireless router produced by the Neterbit company. The Neterbit NW-431F Router versions 20241014-IR03 and earlier has a security vulnerability. This vulnerability stems from the network diagnostic module not properly cleaning up user input, which may lead to...

Progress Software多款产品 命令注入漏洞

Progress Software MOVEit is a product of the American company Progress Software. Progress Software MOVEit is a secure file transfer software. Progress Software LoadMaster is a series of application delivery controllers and load balancing products. Progress Software ECS Connections Manager is a...

GX Group Earth 2022 ONT 操作系统命令注入漏洞

GX Group Earth 2022 ONT is an FTTH optical network terminal device developed by the Turkish company GX Group. The GX Group Earth 2022 ONT has a vulnerability related to operating system command injection. This vulnerability arises from improper handling of user input by multiple diagnostic...

NetworkManager 操作系统命令注入漏洞

NetworkManager is an open-source network management daemon developed by NetworkManager. NetworkManager has a vulnerability related to operating system command injection. This vulnerability stems from the dhclient backend’s handling of format-errors in Manufacturer Usage Description URLs, leading ...

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the aicmd tool executing with full root access, and it involves direct passing of socket inputs to popen, which may allow...

Cloud Foundry BOSH 安全漏洞

Cloud Foundry BOSH is a cloud infrastructure automation platform developed by the US-based Cloud Foundry company. All versions of Cloud Foundry BOSH, as well as previous versions, have security vulnerabilities. These vulnerabilities stem from the name parameter in PackagePersister.validatetgz bei...

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from the improper handling of special characters in the incoming VPN network configuration files. This vulnerability may allow for command...

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from failing to properly evaluate the command permissions of multiple internal opcodes. This vulnerability may allow unauthorized applications to...

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from the FieldX MDM adb messaging topic directly passing unvalidated payloads to Runtime.exec, potentially leading to command injection...

Cloud Foundry BOSH Director 安全漏洞

Cloud Foundry BOSH Director is a cloud infrastructure deployment and lifecycle management platform developed by the US Cloud Foundry company. All versions of Cloud Foundry BOSH Director, as well as previous versions, have security vulnerabilities. These vulnerabilities stem from the use of the na...

PT-2026-46845

Summary The log file name parameter in the stata do API and CLI is directly interpolated into a Stata command string without sanitization. The security guard GuardValidator only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands includi...

CVE-2025-67447

The network diagnosis ping module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address field before passing it to the system's ping command. An attacker can inject arbitrary OS commands,...

CVE-2026-35906

An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string...

PT-2026-46140

The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec, allowing command/instruction injection...

Shibby Tomato 操作系统命令注入漏洞

Shibby Tomato is a third-party router firmware developed by Shibby’s individual developers. Version 1.28.0000 of Shibby Tomato contains a vulnerability related to operating system command injection. This vulnerability stems from the rstatspath function in the web UI component’s /bin/rstats file,...

RockyLinux 10 : cockpit (RLSA-2026:21676)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:21676 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly...

Oracle Linux 8 : vim (ELSA-2026-22730)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-22730 advisory. - RHEL-170126 CVE-2026-35177 vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass - RHEL-159620 CVE-2026-33412 vim: Vim: Arbitrary code...

PT-2026-46398

Name of the Vulnerable Software and Affected Versions Shibby Tomato version 1.28.0000 Description An OS command injection issue exists in the Web UI component within the start vpnserver function of the /sbin/rc file. This flaw allows a remote attacker to execute arbitrary operating system command...