The vulnerability of the bs_setCmd() function in the libshare-0.0.26.so library of the LB-LINK router firmware allows an attacker to execute arbitrary commands.
The vulnerability of the bs_setCmd() function in the libshare-0.0.26.so library of the LB-LINK router firmware lies in the failure to sanitize data at the control level when processing the cmd parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary comman...
The vulnerability of the web interface of IBM OpenPages and IBM OpenPages with Watson allows a hacker to inject any command they desire.
The vulnerability of the IBM OpenPages and IBM OpenPages with Watson web interfaces relates to improper processing of output data for logs. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
TencentOS Server 3: pcp (TSSA-2024:0223)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0223 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2025-39240
Some Hikvision Wireless Access Points are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command...
PT-2025-25461 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server (affected versions not specified). Description: The issue concerns a remote command execution vulnerability. No information is provided about the estimated number of potentially affected devices worldwide or real-world inciden...
CVE-2025-39240
CVE-2025-39240 affects Hikvision Wireless Access Point products. The vulnerability stems from insufficient input validation, enabling authenticated remote command execution when an attacker with valid credentials sends crafted packets containing malicious commands. Reported impact is arbitrary co...
The vulnerability of the SSLVPN firmware for network interfaces from SonicWall SMA 100 allows an intruder to execute arbitrary commands.
The vulnerability of the SSLVPN firmware for network interfaces from SonicWall SMA 100 relates to the failure to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PT-2025-25398 · Hikvision · Hikvision Wireless Access Point
Name of the Vulnerable Software and Affected Versions: Hikvision Wireless Access Point (affected versions not specified). Description: The issue is related to insufficient input validation, allowing authenticated remote command execution. Attackers with valid credentials can exploit this by sending...
CVE-2025-1041
An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0...
CVE-2025-49004
Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain. This allows a malicious website to hijack the authentication flow of Caido and achieve code execution. A malicious website load...
CVE-2025-41661
CVE-2025-41661 affects Weidmueller IE-SR-2TX-WL security routers. The vulnerability is a lack of CSRF protection in the main web interface, enabling an unauthenticated remote attacker to execute arbitrary commands with root privileges on affected devices. Several connected sources (Red Hat, NVD, ...
CVE-2025-41662
The CVE-2025-41662 entry is rejected/not used and does not represent an active vulnerability.
CVE-2025-46612
The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must log in to the administrator console; default credentials are weak and easily guessable...
CVE-2024-13089
CVE-2024-13089 describes an OS command injection vulnerability in the update functionality of Nozomi Networks Guardian and CMC. The issue allows an authenticated administrator (high-privilege user) to upload update packages, and despite signatures being validated, an improper signature validation...
CVE-2025-1041 Avaya Call Management System RCE vulnerability
An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0...