Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apache Tomcat

" CVE-2024-50379" CVE-2024-50379 là một lỗ hổng bảo mật nghi...

CVE-2024-45354

A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...

CVE-2025-28256

An issue in TOTOLINK A3100R V4.1.2cu.5247B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cstemodules/wireless.so...

CVE-2024-45351

A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...

CVE-2025-26003

Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest...

CVE-2024-45354

A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...

CVE-2024-45354 xiaomi shop application Webview has code execution vulnerability

A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...

CVE-2024-45354 xiaomi shop application Webview has code execution vulnerability

A code execution vulnerability exists in the Xiaomi shop applicationproduct. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...

CVE-2024-45354

CVE-2024-45354 affects the Xiaomi shop application (product) where the root cause is improper input validation in a code path handling user-supplied data, enabling potential remote code execution. The CVSS 3.1 metrics indicate Network access with low attack complexity, no privileges required, use...

CVE-2024-45352

An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...

CVE-2024-45352 Xiaomi smarthome application Webview has code execution vulnerability

An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...

CVE-2024-45352 Xiaomi smarthome application Webview has code execution vulnerability

An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...

CVE-2024-45352

CVE-2024-45352 affects the Xiaomi Smarthome application. A code execution vulnerability exists due to improper input validation in the internal API parser. The connected exploit document provides a PoC showing unauthenticated RCE via a crafted request to the local API (curl to /api/parse), implyi...

CVE-2025-29635

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/setprohibiting via the corresponding function, triggering remote command execution...

PT-2025-13026 · Xiaomi · Xiaomi Smarthome Application

Name of the Vulnerable Software and Affected Versions: Xiaomi smarthome application affected versions not specified Description: A code execution issue exists due to improper input validation, allowing attackers to execute malicious code. Recommendations: At the moment, there is no information...

The vulnerability of the sub_410C80() function in the cstecgi.cgi script of the TOTOLINK X18 router’s microprogramming system, which allows a hacker to execute arbitrary commands.

The vulnerability of the sub410C80 function in the cstecgi.cgi script of the TOTOLINK X18 router’s microprogramming system is related to the lack of data cleaning measures at the control level when processing the mtkhnatEnable parameter. Exploiting this vulnerability allows an attacker to execute...

CVE-2024-45351

CVE-2024-45351 affects Xiaomi Game Center app. Connected documents indicate the flaw is due to improper input validation, enabling code execution. The risk details from CVSS v3.1 show LOCAL attack vector, LOW attack complexity, and user interaction required, with all three impact metrics (confide...

CVE-2024-45351 Game center application has code execution Vulnerability

A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code...

CVE-2025-26003

Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest...

CVE-2025-2531

Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visi...