CVE-2025-48782
Soar Cloud HRD Human Resource Management System (Soar Cloud HRMS) is affected up to version 7.3.2025.0408. The vulnerability is an unrestricted upload of files with dangerous types in the upload file function, enabling remote command execution by a malicious file. The connected sources consistent...
CVE-2025-48780 Soar Cloud HRD Human Resource Management System - Deserialization of Untrusted Data
A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object...
CVE-2025-48780
CVE-2025-48780 affects Soar Cloud HRD Human Resource Management System prior to version 7.3.2025.0408. A deserialization vulnerability in the download file function allows remote attackers to execute arbitrary system commands via a crafted serialized object. Public metrics list a critical impact ...
PT-2025-24058
Name of the Vulnerable Software and Affected Versions Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408 Description A deserialization of untrusted data issue in the download file function allows remote attackers to execute arbitrary system commands via a crafted...
The vulnerability of the formMapReboot() function in the embedded server of the TOTOLINK X15 router’s microprogramming software allows an intruder to execute arbitrary commands.
The vulnerability of the formMapReboot function in the embedded server of the TOTOLINK X15 router’s microprogramming software is related to the lack of measures to clean input data during the processing of the deviceMacAddr parameter. Exploiting this vulnerability allows a remote attacker to...
CVE-2025-49008 Atheos Improper Input Validation Vulnerability Enables RCE in Common.php
Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of escapeshellcmd in /components/codegit/traits/execute.php allows argument injection, leading to arbitrary command execution. Atheos administrators and users of vulnerable version...
The vulnerability of the sub_456DE8() function in the jhttpd web server of the D-Link DI-500WF-WT router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the sub_456DE8 function in the jhttpd web server of the D-Link DI-500WF-WT router microprogramming software is related to the lack of data cleaning measures at the control level when processing the cmd parameter. Exploiting this vulnerability allows an attacker to execute...
The vulnerability of the ssid1MACFilter() function in the Linksys wireless signal amplifiers’ software allows a hacker to execute arbitrary commands.
The vulnerability of the ssid1MACFilter function in the microprogramming software of Linksys wireless signal amplifiers is related to the lack of measures to neutralize specific elements. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...
The vulnerability of the RP_checkFWByBBS() function in the microprogramming software for Linksys’ wireless signal amplifiers allows a hacker to execute arbitrary commands.
The vulnerability of the RP_checkFWByBBS function in the microprogramming software for Linksys wireless signal amplifiers is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute...
The vulnerability of the built-in boa server (/boafrm/formMapDel) of the Totolink X2000R router’s microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the built-in server boa /boafrm/formMapDel of the Totolink X2000R router’s microprogramming software is related to the lack of data cleaning at the management level when processing the parameter devicemac1. Exploiting this vulnerability allows an attacker operating remotely t...
The vulnerability of the formMapReboot() function (/boafrm/formMapReboot) in the TOTOLINK X15 router microprogramming software allows an intruder to execute arbitrary commands or cause a service failure.
The vulnerability of the formMapReboot function /boafrm/formMapReboot of the TOTOLINK X15 router’s microprogramming software is related to the issue of the operation exceeding the buffer boundaries in memory when processing the deviceMacAddr parameter. Exploiting this vulnerability allows a remot...
Tenda AC18 Security Vulnerability
The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a buffer overflow vulnerability that originates from a misuse of the parameter list in the file /goform/setPptpUserList, which can be exploited by an attacker to submit a special request and execute arbitrary...
The vulnerability of sub_42581C in the microprogramming software of Tenda AX12 Wi-Fi routers allows a hacker to execute arbitrary commands.
The vulnerability of sub_42581C in Tenda AX12 Wi-Fi routers exists due to the lack of measures taken to neutralize special elements used in the operating system’s processing of the staticIp parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the runtime.InternetConnection() function in Linksys E5600 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the runtime.InternetConnection function in Linksys E5600 router microprogramming software is related to the lack of data cleaning measures at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
AZL-62282 CVE-2025-48938 affecting package gh for versions less than 2.62.0-9
go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...
The vulnerability of the CloudSrvUserdataVersionCheck() function in TOTOLINK CA600-PoE router’s software allows a hacker to execute arbitrary commands.
The vulnerability of the CloudSrvUserdataVersionCheck function in TOTOLINK CA600-PoE router’s software lies in the lack of measures taken at the control level during the processing of the magicid parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...
The vulnerability of the CloudSrvUserdataVersionCheck() function in TOTOLINK CA300-PoE router’s software allows a hacker to execute arbitrary commands.
The vulnerability of the CloudSrvUserdataVersionCheck function in TOTOLINK CA300-PoE router’s software lies in the lack of measures taken at the control level during the processing of the url parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sendin...
The vulnerability of the setUploadUserData() function in TOTOLINK CP900 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the setUploadUserData function in TOTOLINK CP900 router microprogramming software is related to the lack of measures to sanitize input data during the processing of the FileName parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...
The vulnerability of the msg_process() function in TOTOLINK CA600-PoE router microprogramming software allows an intruder to execute arbitrary commands.
The vulnerability of the msg_process function in TOTOLINK CA600-PoE router microprogramming software is related to the lack of measures taken at the control level during the processing of the URL parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...