VulnCheck KEV: CVE-2025-64328

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the...

CVE-2025-8693

Zyxel DX3300-T0 firmware versions prior to 5.50(ABVY.6.3)C0 are affected by a post-authentication command-injection vulnerability in the priv parameter that could allow an authenticated attacker to execute OS commands. The PT-2025-47237 entry confirms the affected firmware range and the impact. R...

CVE-2025-64328

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the...

CVE-2024-48705

Wavlink AC1200 with firmware versions M32A3V1410230602 and M32A3V1410240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "setsysadm" function of the "adm.cgi" binary, and is due to improper santization ...

CVE-2012-10059

Dolibarr ERP/CRM contains a post-authenticated OS command injection in its database backup feature. In versions <= 3.1.1 and

CVE-2024-9200

A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15ABQA.2.2C0 could allow an authenticated attacker with administrator privileges to execute operating system OS commands on a vulnerable devi...