Lucene search
6293 matches found

OSV
added 2025/12/18 6:15 p.m. | 1 view

CVE-2025-14738

Improper authentication vulnerability in TP-Link WA850RE httpd modules allows unauthenticated attackers to download the configuration file. This issue affects: ≤ WA850RE V2160527, ≤ WA850RE V3160922...

CVSS 7.5 | AI score 5.8 | EPSS 0.00212
Exploits: 0 | References: 4
CVE
added 2025/12/18 6:0 p.m. | 7 views

CVE-2025-14737

CVE-2025-14737 concerns a command-injection vulnerability in TP-Link WA850RE (httpd modules) that allows an authenticated adjacent attacker to inject arbitrary commands. Affected devices include WA850RE V2_160527 and WA850RE V3_160922 (and earlier), with exploitation described as possible (PoC) p...

CVSS 8.5 | AI score 6.8 | EPSS 0.00166
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2025/12/18 6:0 p.m. | 19 views

CVE-2025-14737 Command Injection Vulnerability in TP-Link WA850RE

Command Injection vulnerability in TP-Link WA850RE httpd modules allows authenticated adjacent attacker to inject arbitrary commands. This issue affects: ≤ WA850RE V2160527, ≤ WA850RE V3160922...

CVSS 8.5 | EPSS 0.00166
Exploits: 0 | References: 4
SUSE Linux
added 2025/12/18 12:2 p.m. | 5 views

Security update 5.0.6 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439...

CVSS 7.8 | AI score 7 | EPSS 0.00018
Exploits: 0 | References: 22
Positive Technologies
added 2025/12/18 12:0 a.m. | 2 views

PT-2025-52276

Command Injection vulnerability in TP-Link WA850RE httpd modules allows authenticated adjacent attacker to inject arbitrary commands. This issue affects: ≤ WA850RE V2 160527, ≤ WA850RE V3 160922...

CVSS 8.5 | AI score 7.2 | EPSS 0.00166
Exploits: 0 | References: 5
Vulnrichment
added 2025/12/16 12:32 a.m. | 1 view

CVE-2025-67747 Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing marshal and types from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. This allows an attacker to craft a malicious pickle file that can bypass...

CVSS 8.5 | AI score 7.2 | EPSS 0.00044
Exploits: 1 | References: 4
OSV
added 2025/12/16 12:32 a.m. | 4 views

CVE-2025-67747 Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing marshal and types from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. This allows an attacker to craft a malicious pickle file that can bypass...

CVSS 8.5 | AI score 7.5 | EPSS 0.00044
Exploits: 1 | References: 6
EUVD
added 2025/12/16 12:32 a.m. | 3 views

EUVD-2025-203479

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing marshal and types from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. This allows an attacker to craft a malicious pickle file that can bypass...

CVSS 8.5 | AI score 7.1 | EPSS 0.00044
Exploits: 1 | References: 5
CVE
added 2025/12/16 12:32 a.m. | 9 views

CVE-2025-67747

CVE-2025-67747 concerns Fickling, a Python pickle analysis tool. Multiple sources document that versions prior to 0.1.6 did not include marshal and types in the unsafe-import blocklist, allowing a crafted pickle to bypass safety checks due to missing detections for marshal.loads and types.Functio...

CVSS 8.5 | AI score 7.2 | EPSS 0.00044
Exploits: 1 | References: 4 | Affected Software: 1
SUSE CVE
added 2025/12/16 12:23 a.m. | 2 views

SUSE CVE-2025-64750

SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so...

CVSS 4.5 | AI score 6.7 | EPSS 0.00012
Exploits: 0 | References: 2
Tenable Nessus
added 2025/12/16 12:0 a.m. | 1 view

Honeywell PM43 Industrial Printers Improper Input Validation (CVE-2023-3710)

Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM Printer web page modules allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 e.g. P10.19.050006...

CVSS 9.9 | AI score 7.4 | EPSS 0.91703
Exploits: 4 | References: 5
OSV
added 2025/12/15 11:35 p.m. | 1 view

GHSA-565G-HWWR-4PP3 Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list

Fickling Assessment Based on the test case provided in the original report below, this bypass was caused by marshal and types missing from the block list of unsafe module imports, Fickling started blocking both modules to address this issue. This was fixed in...

CVSS 8.5 | AI score 7.6 | EPSS 0.00044
Exploits: 1 | References: 6
OSV
added 2025/12/15 8:33 p.m. | 2 views

GO-2025-4169 Mattermost fails to sanitize team email addresses in github.com/mattermost/mattermost-server

Mattermost fails to sanitize team email addresses in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

CVSS 4.3 | AI score 6.8 | EPSS 0.00042
Exploits: 0 | References: 9
GithubExploit
added 2025/12/15 2:56 p.m. | 129 views

Exploit for Deserialization of Untrusted Data in Facebook React

Exploitest This repository serves as a cent...

CVSS 10 | AI score 7.1 | EPSS 0.83197
Exploits: 364
vulnersOsv
added 2025/12/15 11:39 a.m. | 3 views

org.elasticsearch.plugin:transport-netty4 (>=9.2.0 <=9.2.1), org.elasticsearch.plugin:x-pack-core (>=9.2.0 <=9.2.1) +3 more potentially affected by CVE-2025-37731 via org.elasticsearch:elasticsearch-ssl-config (>=9.2.0 <=9.2.1)

org.elasticsearch:elasticsearch-ssl-config MAVEN version =9.2.0, =9.2.0, =9.2.0, =9.2.0, =9.2.0, =9.2.0, =9.2.1 Source cves: CVE-2025-37731 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-14417579...

CVSS 7.4 | AI score 5.8 | EPSS 0.00038
Exploits: 0
RedhatCVE
added 2025/12/12 10:17 p.m. | 4 views

CVE-2025-34506

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed...

CVSS 8.8 | AI score 8.3 | EPSS 0.00951
Exploits: 1 | References: 1
RedhatCVE
added 2025/12/12 1:6 a.m. | 4 views

CVE-2025-56099

OS Command Injection vulnerability in Ruijie RG-YST AP3.01B11P280YST250F allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...

CVSS 8.8 | AI score 7.9 | EPSS 0.00201
Exploits: 0 | References: 1
OSV
added 2025/12/11 10:15 p.m. | 2 views

CVE-2025-34506

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed...

CVSS 8.8 | AI score 8.2
Exploits: 0 | References: 6
EUVD
added 2025/12/11 9:31 p.m. | 3 views

EUVD-2025-202722

OS Command Injection vulnerability in Ruijie RG-YST EST, YSTAP3.01B11P280YST250F V1.xxV2.xx allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...

AI score 7.3 | EPSS 0.00201
Exploits: 0 | References: 4
EUVD
added 2025/12/11 9:31 p.m. | 2 views

EUVD-2025-202735

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restartmodules in file /usr/lib/lua/luci/controller/admin/common.lua...

AI score 7.3 | EPSS 0.00201
Exploits: 0 | References: 4