4202 matches found

Vulnrichment
added 2025/05/08 12:0 a.m. · 5 views

CVE-2025-45798

A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cstemodules/system.so library, specifically in the processing of the IpTo parameter...

AI score: 6.7 · EPSS: 0.01023
Exploits: 1 · References: 1

Vulnrichment
added 2025/05/08 12:0 a.m. · 4 views

CVE-2025-44023

An issue in dlink DNS-320 v.1.00 and DNS-320LW v.1.01.0914.20212 allows an attacker to execute arbitrary via the accountmgr.cgi-cgichgadminpw components...

AI score: 6.8 · EPSS: 0.00376
Exploits: 0 · References: 1

Positive Technologies
added 2025/05/08 12:0 a.m. · 3 views

PT-2025-23779 · Delta Electronics · Cncsoft

Name of the Vulnerable Software and Affected Versions: Delta Electronics CNCSoft (affected versions not specified)
Description: The issue is related to the lack of proper validation of user-supplied files in Delta Electronics CNCSoft. If a user opens a malicious file, an attacker can execute code i...

CVSS: 7.3 · AI score: 6.2 · EPSS: 0.00214
Exploits: 0 · References: 7

Cvelist
added 2025/05/08 12:0 a.m. · 34 views

CVE-2025-45798

A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cstemodules/system.so library, specifically in the processing of the IpTo parameter...

EPSS: 0.01023
Exploits: 1 · References: 1

Positive Technologies
added 2025/05/08 12:0 a.m. · 3 views

PT-2025-20426 · Ibm · Ibm Cics Tx Standard +1

Name of the Vulnerable Software and Affected Versions: IBM CICS TX Standard versions 11.1; IBM CICS TX Advanced versions 10.1 through 11.1
Description: The issue is due to the failure to handle DNS return requests by the gethostbyname function, which could allow a local user to execute arbitrary...

CVSS: 7.8 · AI score: 7 · EPSS: 0.00228
Exploits: 0 · References: 8

NVD
added 2025/05/07 11:15 p.m. · 22 views

CVE-2025-35939

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

CVSS: 6.9 · EPSS: 0.01119
Exploits: 0 · References: 6

NVD
added 2025/05/07 9:16 p.m. · 9 views

CVE-2025-3925

BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once code execution has been obtained...

CVSS: 8.5 · EPSS: 0.00159
Exploits: 0 · References: 2

Vulnrichment
added 2025/05/07 8:18 p.m. · 5 views

CVE-2025-3925 BrightSign Players Execution with Unnecessary Privileges

BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once code execution has been obtained...

CVSS: 8.5 · AI score: 8.1 · EPSS: 0.00159
Exploits: 0 · References: 2

OSV
added 2025/05/07 7:13 p.m. · 4 views

RLSA-2024:6197 Moderate: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: format string injection leads to shell command execution SAFER bypass...

CVSS: 6.8 · AI score: 7.2 · EPSS: 0.27992
Exploits: 6 · References: 4

OSV
added 2025/05/07 7:11 p.m. · 3 views

RLSA-2024:5298 Moderate: gnome-shell security update

GNOME Shell acts as a compositing manager for the desktop, and displays both application windows and other objects. It provides core interface functions like switching windows, launching applications, and notifications. It takes advantage of the capabilities of modern graphics hardware and...

CVSS: 7.5 · AI score: 7 · EPSS: 0.00299
Exploits: 0 · References: 2

Rockylinux
added 2025/05/07 7:11 p.m. · 4 views

postgresql:15 security update

An update is available for postgresql, postgres-decoderbufs, module.pgrepack, module.pgaudit, module.postgresql, pgaudit, pgrepack, module.postgres-decoderbufs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS: 8.8 · AI score: 7.3 · EPSS: 0.01565
Exploits: 0

OSV
added 2025/05/07 7:11 p.m. · 3 views

RLSA-2024:4242 Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

CVSS: 7.3 · AI score: 7 · EPSS: 0.01008
Exploits: 0 · References: 2

CNVD
added 2025/05/07 12:0 a.m. · 2 views

TOTOLINK A950RG/A810R Command Execution Vulnerability

TOTOLINK A950RG and TOTOLINK A810R are both products of China's Gion Electronics TOTOLINK. TOTOLINK A950RG is a super-generation Giga wireless router. TOTOLINK A810R is a wireless dual-band router. A command execution vulnerability exists in the TOTOLINK A950RG and TOTOLINK A810R, which stems from...

CVSS: 9.8 · AI score: 7.1 · EPSS: 0.00919
Exploits: 1 · References: 1

NVD
added 2025/05/06 7:16 p.m. · 30 views

CVE-2025-46816

goshs is a SimpleHTTPServer written in Go. Starting in version 0.3.4 and prior to version 1.0.5, running goshs without arguments makes it possible for anyone to execute commands on the server. The function dispatchReadPump does not check the option cli -c, thus allowing anyone to execute arbitra...

CVSS: 9.4 · EPSS: 0.00605
Exploits: 0 · References: 2

NVD
added 2025/05/05 8:15 p.m. · 16 views

CVE-2025-46731

Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contain a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and ALLOWADMINCHANGES must be enabled for this to work...

CVSS: 8.6 · EPSS: 0.01212
Exploits: 0 · References: 4

CNVD
added 2025/05/05 12:0 a.m. · 1 views

Command Execution Vulnerability in MaxKB at Hangzhou Feizhiyun Information Technology Co.

MaxKB is an open source knowledge base Q&A system based on a large language model and RAG, from Hangzhou Feizhiyun Information Technology Co. MaxKB has a command execution vulnerability that can be exploited by attackers to execute commands...

AI score: 7.5
Exploits: 0

Positive Technologies
added 2025/05/05 12:0 a.m. · 2 views

PT-2025-19763

Name of the Vulnerable Software and Affected Versions: aws-amplify/amplify-codegen-ui (affected versions not specified)
Description: The issue is related to a lack of input validation in the AWS Amplify Studio UI component property expressions. This could potentially allow an authenticated user who h...

CVSS: 9.5 · AI score: 7.5 · EPSS: 0.01003
Exploits: 0 · References: 27

RedhatCVE
added 2025/05/04 12:9 a.m. · 20 views

CVE-2025-45800

TOTOLINK A950RG V4.1.2cu.5204B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cstemodules/global.so library, specifically in the processing of the deviceMac parameter...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.00725
Exploits: 1 · References: 1

OSV
added 2025/05/02 5:15 p.m. · 4 views

CVE-2025-45800

TOTOLINK A950RG V4.1.2cu.5204B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cstemodules/global.so library, specifically in the processing of the deviceMac parameter...

CVSS: 9.8 · AI score: 5.9 · EPSS: 0.00725
Exploits: 1 · References: 1

CVE
added 2025/05/02 12:0 a.m. · 65 views

CVE-2025-45800

Totolink A950RG (version 4.1.2cu.5204_B20210112) contains a command execution vulnerability in the setDeviceName interface, specifically in the processing of the deviceMac parameter within /lib/cste_modules/global.so. The issue is triggered via network access to the interface and could allow an a...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.00725
Exploits: 1 · References: 1 · Affected Software: 1