
15274 matches found

NVD
added 2025/07/17 2:15 p.m. · 6 views

CVE-2025-53928

MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue...

CVSS 9.8 · EPSS 0.00427
Exploits: 1 · References: 2

RedhatCVE
added 2025/07/17 1:57 p.m. · 4 views

CVE-2025-34068

An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are...

CVSS 9.3 · AI score 7.5 · EPSS 0.00895
Exploits: 0 · References: 1

RedhatCVE
added 2025/07/17 1:57 p.m. · 4 views

CVE-2025-34116

A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server...

CVSS 8.7 · AI score 7 · EPSS 0.01136
Exploits: 0 · References: 1

CVE
added 2025/07/17 1:56 p.m. · 22 views

CVE-2025-53928

MaxKB has a Remote Command Execution vulnerability in the MCP call present in versions prior to 1.10.9-lts and 2.0.0. The issue is fixed in 1.10.9-lts and 2.0.0. No exploitation details are provided beyond this, and remediation is to upgrade to the fixed versions.

CVSS 9.8 · AI score 6.8 · EPSS 0.00427
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2025/07/17 1:56 p.m. · 3 views

CVE-2025-53928 MaxKB has RCE in MCP call

MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue...

CVSS 4.6 · AI score 7.4 · EPSS 0.00427
Exploits: 1 · References: 2

Cvelist
added 2025/07/17 1:56 p.m. · 9 views

CVE-2025-53928 MaxKB has RCE in MCP call

MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue...

CVSS 4.6 · EPSS 0.00427
Exploits: 1 · References: 2

OSV
added 2025/07/17 1:56 p.m. · 5 views

CVE-2025-53928 MaxKB has RCE in MCP call

MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue...

CVSS 4.6 · AI score 7 · EPSS 0.00427
Exploits: 1 · References: 4

CNNVD
added 2025/07/17 12:0 a.m. · 1 views

Anheng Mingyu Security Gateway security vulnerability

Anheng Mingyu Security Gateway is a security gateway from the Chinese company Anheng. A security vulnerability exists in Anheng Mingyu Security Gateway versions prior to v3.0-5.3p, which originates from a remote command execution vulnerability in the logtype parameter in /log/fwsecurity.mds...

CVSS 8.8 · AI score 7 · EPSS 0.00685
Exploits: 0 · References: 2

Vulnrichment
added 2025/07/17 12:0 a.m. · 3 views

CVE-2023-47356

Mingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution (RCE) vulnerability via the logtype parameter at /log/fwsecurity.mds...

AI score 7.3 · EPSS 0.00685
Exploits: 0 · References: 2

CNNVD
added 2025/07/17 12:0 a.m. · 3 views

MaxKB code injection vulnerability

MaxKB is an open-source knowledge base question-and-answer system from 1Panel-dev, based on large language models and RAG. A code injection vulnerability exists in MaxKB 1.10.9-lts and versions prior to 2.0.0, which stems from a remote command execution vulnerability in MCP calls...

CVSS 9.8 · AI score 7.5 · EPSS 0.00427
Exploits: 1 · References: 2

Positive Technologies
added 2025/07/17 12:0 a.m. · 6 views

PT-2025-29925 · Mingyu · Mingyu Security Gateway

Name of the Vulnerable Software and Affected Versions: Mingyu Security Gateway versions prior to 3.0-5.3p. Description: The Mingyu Security Gateway is susceptible to a remote command execution (RCE) issue. This occurs due to a flaw in the handling of the log type parameter within the /log/fw...

CVSS 8.8 · AI score 6.6 · EPSS 0.00685
Exploits: 0 · References: 6

Positive Technologies
added 2025/07/17 12:0 a.m. · 2 views

PT-2025-29912

Name of the Vulnerable Software and Affected Versions: MaxKB versions prior to 1.10.9-lts; MaxKB versions prior to 2.0.0. Description: A Remote Command Execution issue exists in the MCP call. Recommendations: Update to version 1.10.9-lts or later. Update to version 2.0.0 or later...

CVSS 9.8 · AI score 5.8 · EPSS 0.00427
Exploits: 1 · References: 10

CVE
added 2025/07/17 12:0 a.m. · 13 views

CVE-2023-47356

CVE-2023-47356 affects Mingyu Security Gateway prior to v3.0-5.3p. A remote command execution (RCE) exists via the log_type parameter handled at /log/fw_security.mds, arising from improper input handling. Exploitation could allow an unauthenticated attacker (network vector) with low privileges to...

CVSS 8.8 · AI score 7.4 · EPSS 0.00685
Exploits: 0 · References: 2

Positive Technologies
added 2025/07/17 12:0 a.m. · 6 views

PT-2025-29947

Name of the Vulnerable Software and Affected Versions: Livewire versions 3.0.0 through 3.6.3. Description: An issue in the Livewire full-stack framework for Laravel allows unauthenticated attackers to achieve remote command execution in specific scenarios. The problem arises from unsafe object...

CVSS 9.8 · AI score 8.2 · EPSS 0.9203
Exploits: 5 · References: 87

Cvelist
added 2025/07/17 12:0 a.m. · 9 views

CVE-2023-47356

Mingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution (RCE) vulnerability via the logtype parameter at /log/fwsecurity.mds...

EPSS 0.00685
Exploits: 0 · References: 2

Cvelist
added 2025/07/16 9:9 p.m. · 6 views

CVE-2025-34125 D-Link DSP-W110A1 Cookie Command Injection

An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the...

CVSS 9.3 · EPSS 0.03126
Exploits: 0 · References: 4

CVE
added 2025/07/16 12:57 p.m. · 72 views

CVE-2025-34300

Sawtooth Software Lighthouse Studio

CVSS 10 · AI score 7.3 · EPSS 0.49139
In wild · Exploits: 4 · References: 3

CNNVD
added 2025/07/16 12:0 a.m. · 2 views

LILIN Digital Video Recorder security vulnerability

LILIN Digital Video Recorder is a video recorder from LILIN Corporation of Taiwan, China. A security vulnerability exists in LILIN Digital Video Recorder versions prior to 2.0b6020200207, which stems from a failure of the web service in /z/zbin/dvrbox to properly clean up the inputs to the Server...

CVSS 9.3 · AI score 7.4 · EPSS 0.01761
Exploits: 0 · References: 5

NVD
added 2025/07/15 1:15 p.m. · 6 views

CVE-2025-34116

A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server...

CVSS 8.7 · EPSS 0.01136
Exploits: 0 · References: 6

NVD
added 2025/07/15 1:15 p.m. · 4 views

CVE-2025-34068

An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are...

CVSS 9.3 · EPSS 0.00895
Exploits: 0 · References: 5