
15274 matches found

BDU FSTEC
added 2025/08/07 12:00 a.m. | 4 views

A vulnerability in the ui_get_input_value() function of the Netgear WG302v2 router firmware allows an attacker to execute arbitrary commands.

The vulnerability in the ui_get_input_value() function of the Netgear WG302v2 router firmware is related to the lack of measures to sanitize data at the control level when processing the host parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...

CVSS 6.5 | AI score 6.9 | EPSS 0.02283
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2025/08/07 12:00 a.m. | 4 views

A vulnerability in the SMTP protocol implementation of the Keycloak identity and access management platform allows an attacker to execute arbitrary commands.

The vulnerability in the SMTP protocol implementation of the Keycloak identity and access management platform is related to the failure to neutralize CRLF sequences. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 6.5 | AI score 5.9 | EPSS 0.00383
Exploits: 0 | References: 7 | Affected Software: 1
Japan Vulnerability Notes
added 2025/08/06 7:38 a.m. | 9 views

Multiple vulnerabilities in Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series

Overview: Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series provided by SATO Corporation contain multiple vulnerabilities listed below. OS command injection (CWE-78) - CVE-2025-22469; Unrestricted upload of file with dangerous type (CWE-434) - CVE-2025-22470. MASAHIRO IIDA of LAC Co., Ltd...

CVSS 9.8 | AI score 7.9 | EPSS 0.0109
Exploits: 0 | References: 6
CNNVD
added 2025/08/06 12:00 a.m. | 4 views

NVIDIA Triton Inference Server security vulnerability

Triton Inference Server is a high-performance inference service engine developed by NVIDIA, designed for AI model deployment in production environments, with support for a variety of frameworks (TensorFlow, PyTorch, ONNX, etc.) and optimized inference performance for GPUs and CPUs. An input...

CVSS 9.8 | AI score 7.5 | EPSS 0.01829
Exploits: 0 | References: 3
Snyk
added 2025/08/05 9:44 p.m. | 2 views

Authentication Bypass by Primary Weakness

Overview: Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the r.URL.Path function in the middleware process. An attacker can execute arbitrary system commands or gain control over managed hosts by accessing the backend login path without authentication...

CVSS 7.7 | AI score 7.8 | EPSS 0.00596
Exploits: 0 | References: 2
Vulnrichment
added 2025/08/05 8:58 p.m. | 2 views

CVE-2025-53534 RatPanel can perform remote command execution without authorization

RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed b...

CVSS 7.7 | AI score 7.2 | EPSS 0.00596
Exploits: 0 | References: 3
Cvelist
added 2025/08/05 8:58 p.m. | 10 views

CVE-2025-53534 RatPanel can perform remote command execution without authorization

RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed b...

CVSS 7.7 | EPSS 0.00596
Exploits: 0 | References: 3
CVE
added 2025/08/05 8:58 p.m. | 28 views

CVE-2025-53534

CVE-2025-53534 affects RatPanel versions 2.3.19–2.5.5. The vulnerability stems from the CleanPath middleware in github.com/go-chi/chi not properly processing r.URL.Path, enabling an attacker who has backend login access to bypass authentication and execute arbitrary commands or take over hosts wi...

CVSS 7.7 | AI score 8 | EPSS 0.00596
Exploits: 0 | References: 3
NVD
added 2025/08/05 4:15 p.m. | 3 views

CVE-2025-43979

An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the xmlaction.cgi?method= endpoint...

CVSS 7.4 | EPSS 0.04974
Exploits: 0 | References: 2
CNNVD
added 2025/08/05 12:00 a.m. | 2 views

NetWin Netwin SurgeFTP security vulnerability

NetWin Netwin SurgeFTP is a multi-platform FTP server software from NetWin New Zealand. A security vulnerability exists in NetWin Netwin SurgeFTP version 23c8 and prior versions, which stems from an improper handling of POST requests and could lead to remote command execution...

CVSS 8.6 | AI score 7 | EPSS 0.00936
Exploits: 0 | References: 6
CNNVD
added 2025/08/05 12:00 a.m. | 2 views

ICT Innovations ICTBroadcast security vulnerability

ICT Innovations ICTBroadcast is a web-based automated calling and communication platform from ICT Innovations Pakistan. A security vulnerability exists in ICTBroadcast 7.4 and prior versions that stems from not properly handling session cookie data, which could lead to remote command execution...

CVSS 9.3 | AI score 7.2 | EPSS 0.06078
Exploits: 3 | References: 2
Positive Technologies
added 2025/08/05 12:00 a.m. | 5 views

PT-2025-32253 · Undefined · Undefined

CVE-2025-54976 - Apache HTTP Server Unvalidated User Input Leads to Remote Command Execution. CVE ID: CVE-2025-54976. Published: Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details,...

AI score 6.8
Exploits: 0 | References: 1
SUSE CVE
added 2025/08/04 11:27 p.m. | 1 view

SUSE CVE-2024-56731

Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instanc...

CVSS 9.8 | AI score 8 | EPSS 0.00952
Exploits: 0 | References: 2
OSV
added 2025/08/04 8:46 p.m. | 8 views

GHSA-FM3M-JRGM-5PPG RatPanel can perform remote command execution without authorization

Summary: When an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability...

CVSS 7.7 | AI score 7.2 | EPSS 0.00596
Exploits: 0 | References: 7
Github Security Blog
added 2025/08/04 8:46 p.m. | 14 views

RatPanel can perform remote command execution without authorization

Summary: When an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability...

CVSS 7.7 | AI score 7.7 | EPSS 0.00596
Exploits: 0 | References: 7 | Affected Software: 1
RedhatCVE
added 2025/08/04 9:33 a.m. | 4 views

CVE-2013-10053

A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system call that invokes the system’s htpasswd binary. By injecting shell metacharacters into the username field, an...

CVSS 8.7 | AI score 7.8 | EPSS 0.01034
Exploits: 0 | References: 1
BDU FSTEC
added 2025/08/04 12:00 a.m. | 4 views

A vulnerability in the mcp-remote proxy server, caused by its failure to neutralize special elements used in an operating system command, allows attackers to execute arbitrary commands.

The vulnerability in the mcp-remote proxy server is related to the lack of measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 10 | AI score 6.3 | EPSS 0.47209
Exploits: 0 | References: 4 | Affected Software: 1
BDU FSTEC
added 2025/08/04 12:00 a.m. | 5 views

A vulnerability in the command.php file of the D-Link DIR-300 and DIR-600 router firmware allows an attacker to execute arbitrary commands and compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability in the command.php file of the D-Link DIR-300 and DIR-600 router firmware arises from missing access restrictions and data validation for the cmd parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands and compromise the...

CVSS 10 | AI score 6.6 | EPSS 0.12099
Exploits: 1 | References: 7 | Affected Software: 2
BDU FSTEC
added 2025/08/04 12:00 a.m. | 3 views

A vulnerability in the wget_test.asp script of the D-Link DI-7300G+ router firmware allows an attacker to execute arbitrary commands.

The vulnerability in the wget_test.asp script of the D-Link DI-7300G+ router firmware is related to the lack of measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 6.5 | AI score 7 | EPSS 0.0406
Exploits: 1 | References: 6 | Affected Software: 1
BDU FSTEC
added 2025/08/04 12:00 a.m. | 5 views

A vulnerability in the wsConvertPpt component of the Chamilo LMS e-learning and content management system allows an attacker to execute arbitrary commands.

The vulnerability in the wsConvertPpt component of the Chamilo LMS e-learning and content management system is related to the lack of measures to sanitize data at the administrative level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

CVSS 10 | AI score 8.3 | EPSS 0.99397
Exploits: 9 | References: 2 | Affected Software: 1