15275 matches found
The vulnerability of the msg_process() function in TOTOLINK CA300-PoE router firmware allows an intruder to execute arbitrary commands.
The vulnerability of the msg_process function in TOTOLINK CA300-PoE router firmware is related to the lack of measures taken at the control level during the processing of the URL parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...
The vulnerability of the setUpgradeUboot() function in TOTOLINK CP900 router firmware allows an intruder to execute arbitrary commands.
The vulnerability of the setUpgradeUboot function in TOTOLINK CP900 router firmware is related to the lack of measures to sanitize input data during the processing of the FileName parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...
The vulnerability of the setUpgradeFW() function in TOTOLINK CA600-PoE router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the setUpgradeFW function in TOTOLINK CA600-PoE router firmware is related to the lack of measures taken to clean data at the management level when processing the FileName parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the recvUpgradeNewFw() function in TOTOLINK CA600-PoE router’s software allows a hacker to execute arbitrary commands.
The vulnerability of the recvUpgradeNewFw function in TOTOLINK CA600-PoE router firmware is related to the lack of measures taken to clean data at the management level when processing the fwUrl parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the recvUpgradeNewFw() function in TOTOLINK CA300-PoE router’s software allows a hacker to execute arbitrary commands.
The vulnerability of the recvUpgradeNewFw function in TOTOLINK CA300-PoE router firmware is related to the lack of measures taken to clean data at the management level when processing the fwUrl parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the CloudSrvUserdataVersionCheck() function in TOTOLINK CP900 router’s software allows a hacker to execute arbitrary commands.
The vulnerability of the CloudSrvUserdataVersionCheck function in TOTOLINK CP900 router’s software lies in the lack of measures to sanitize input data when processing parameters like url and magicid. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending...
The vulnerability of the setNoticeCfg() function in the TOTOLink A950RG router’s firmware allows an intruder to execute arbitrary commands and gain full control over the device.
The vulnerability of the setNoticeCfg function in the TOTOLink A950RG router’s firmware lies in the lack of measures taken to clean up data at the control level when processing the IpTo parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...
The vulnerability of the setApRebootScheCfg() function in TOTOLINK CP900 router firmware allows an intruder to execute arbitrary commands.
The vulnerability of the setApRebootScheCfg function in TOTOLINK CP900 router firmware is related to the lack of measures to clean input data during the processing of the hour and minute parameters. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the msg_process() function in TOTOLINK CA300-PoE router firmware allows an intruder to execute arbitrary commands.
The vulnerability of the msg_process function in TOTOLINK CA300-PoE router firmware is related to the lack of measures taken at the control level during the processing of the Port parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...
The vulnerability of the CloudSrvUserdataVersionCheck() function in TOTOLINK CA300-PoE router’s software allows a hacker to execute arbitrary commands.
The vulnerability of the CloudSrvUserdataVersionCheck function in TOTOLINK CA300-PoE router’s software lies in the lack of measures taken at the control level during the processing of the url parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sendin...
PT-2025-23356 · Undefined · Undefined
CVE-2022-46739 - Apache Struts Remote Command Execution Vulnerability CVE ID : CVE-2022-46739 Published : May 28, 2025, 7:15 p.m. | 2 hours, 15 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 |...
The vulnerability of the SINEMA Remote Connect Edge Client firmware for industrial switches from Siemens, model Scalance LPE9403, allows a perpetrator to execute arbitrary commands.
The vulnerability of the SINEMA Remote Connect Edge Client firmware for Siemens Scalance LPE9403 industrial switches in remote connection mode is related to the failure to take measures to neutralize certain special elements. Exploiting this vulnerability can allow an attacker to...
The vulnerability in the /cgi-bin/adm.cgi script of the Wavlink WL-WN579A3 router’s firmware allows a hacker to execute arbitrary commands.
The vulnerability of the /cgi-bin/adm.cgi file in the firmware for Wavlink WL-WN579A3 is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...
The vulnerability of the Backup Plus (ns_backup) extension of the TYPO3 content management system allows a hacker to execute arbitrary commands.
The vulnerability of the Backup Plus (ns_backup) extension of the TYPO3 content management system exists due to the lack of measures taken to neutralize the special elements used in the operating system’s command line. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
CVE-2025-46176
Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis...
CVE-2025-22611
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate his or any other team member's privileges to any role, including the owner role. He's also able t...
CVE-2025-22605
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Starting in version 4.0.0-beta.18 and prior to 4.0.0-beta.253, a vulnerability in the execution of commands on remote servers allows an authenticated user to execute arbitrary code on the local...
CVE-2024-47074
DataEase is an open source data visualization analysis tool. In Dataease, the PostgreSQL data source in the data source function can customize the JDBC connection parameters and the PG server target to be connected. In backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java,...
CVE-2024-47001
Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...