EUVD-2025-202722

OS Command Injection vulnerability in Ruijie RG-YST EST, YSTAP3.01B11P280YST250F V1.xxV2.xx allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...

EUVD-2025-202735

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restartmodules in file /usr/lib/lua/luci/controller/admin/common.lua...

CVE-2025-36934

In bigoworkerthread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-56108

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...

CVE-2025-56096

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restartmodules in file /usr/lib/lua/luci/controller/admin/common.lua...

PT-2025-50677

Name of the Vulnerable Software and Affected Versions Ruijie X30-PRO version X30-PRO-V1 09241521 Description An OS Command Injection issue exists in Ruijie X30-PRO version X30-PRO-V1 09241521. Attackers can execute arbitrary commands by sending a specially crafted POST request to the pwdmodify...

CVE-2025-56113

CVE-2025-56113 affects Ruijie RG-YST EST and YSTAP 3.0(1)B11P280YST250F, with the vulnerable component being the pwdmodify function in /usr/lib/lua/luci/modules/common.lua. The root cause is an OS Command Injection vulnerability triggered by a crafted POST request to pwdmodify, allowing an attack...

CVE-2025-56096

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restartmodules in file /usr/lib/lua/luci/controller/admin/common.lua...

CVE-2025-56099

OS Command Injection vulnerability in Ruijie RG-YST AP3.01B11P280YST250F allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...

Ruijie RG-BCR 安全漏洞

Ruijie RG-BCR is a series of cloud routers from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-BCR RG-BCR600W version, which originates from unvalidated input to the restartmodules function in the file /usr/lib/lua/luci/controller/admin/common.lua, which could lead to an OS...

WBCE CMS 代码问题漏洞

WBCE CMS is a PHP and MySQL based open source content management system CMS from WBCE CMS Open Source. A code issue vulnerability exists in WBCE CMS version 1.6.3 and prior versions, which stems from allowing administrators to upload malicious modules that could lead to remote code execution...

PT-2025-50767

Name of the Vulnerable Software and Affected Versions WBCE CMS versions prior to 1.6.3 WBCE CMS version 1.6.3 Description WBCE CMS versions 1.6.3 and earlier have a flaw that permits administrators to execute code remotely by uploading malicious modules. An attacker can create a ZIP module...

CVE-2025-56096

CVE-2025-56096 affects Ruijie RG-BCR600W devices. The issue is an OS Command Injection in the restart_modules function of /usr/lib/lua/luci/controller/admin/common.lua, exploitable via a crafted POST request. Supported by multiple sources (NVD, Red Hat, ENISA/EUVD, CNNVD, CVE listings). Base metr...

CVE-2025-56096

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restartmodules in file /usr/lib/lua/luci/controller/admin/common.lua...

PT-2025-50666

Name of the Vulnerable Software and Affected Versions Ruijie RG-BCR600W affected versions not specified Description An issue exists in Ruijie RG-BCR600W that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the restart modules function located in...

CVE-2025-56099

CVE-2025-56099 affects Ruijie RG-YST AP with firmware 3.0(1)B11P280YST250F. The issue is an OS Command Injection in the pwdmodify handler located at /usr/lib/lua/luci/modules/common.lua, triggered by a crafted POST request. The vulnerability allows an attacker to execute arbitrary commands with l...

CVE-2025-56108

CVE-2025-56108 affects Ruijie X30-PRO (X30-PRO-V1_09241521). An OS command injection via a crafted POST to /usr/lib/lua/luci/modules/common.lua pwdmodify allows arbitrary command execution. Root cause: improper handling in the pwdmodify function. Impact: high (remote command execution with networ...

CVE-2025-13653

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges...

Malicious Package

Overview modules-runtime is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

EUVD-2025-202361

Malicious code in modules-runtime npm...