CVE-2025-71284 Synway SMG Gateway Management Software OS Command Injection via radius_address

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

EUVD-2025-209597

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

CVE-2022-4984 ZenTao Biz < 6.5, Max < 3.0, & Open Source Edition 16.5/16.5beta1 SQL Injection via user-login.html

ZenTao Biz 6.5, ZenTao Max 3.0, ZenTao Open Source Edition 16.5, and ZenTao Open Source Edition 16.5.beta1 contain an SQL injection vulnerability in the login functionality. The application does not properly validate the account parameter on /zentao/user-login.html before using it in a database...

EUVD-2025-120687

Malicious code in vulcan-kaus-deimos-nashira npm...

PT-2025-46220

PacsOne Server version 6.6.2 prior versions are likely affected contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path'...

VulnCheck KEV: CVE-2020-36870

Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...