Remote Code Execution (RCE)

9router is vulnerable to Remote Code Execution RCE. The vulnerability is due to missing authentication checks on /api/cli-tools/ and /api/mcp/ endpoints, which allows an attacker to chain unauthenticated API calls and execute arbitrary OS commands remotely...

EUVD-2026-30365

Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...

PT-2026-41018

Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENT DISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...

EUVD-2026-6138

A vulnerability has been found in Free5GC up to 4.1.0. This affects an unknown function of the component PFCP UDP Endpoint. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

free5GC 安全漏洞

Free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of Free5GC prior to 4.1.0 contain security vulnerabilities, which stem from incorrect handling of the PFCP UDP Endpoint component. These vulnerabilities could lead to denial-of-service attacks...

Shenzhen Aitemi M300 Wi-Fi Repeater – Unauthenticated Remote Command Execution via `time` Parameter

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...

CVE-2025-65565

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association is established, a PFCP Session Establishment Request that is missing the mandatory F-SEID CPF-SEID Information Element is not properly validated. The...

CVE-2025-65567

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a specially crafted PFCP Session Establishment Request with a CreatePDR that contains a malformed Flow-Description is not robustly validated. The...

CVE-2025-34152

An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike othe...

CVE-2023-41194

D-Link DAP-1325 HNAP SetAPLanSettings SubnetMask Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability...

log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint...