The vulnerability of the sub_175C8 function in the /htdocs/soap.cgi file of the D-Link DIR-890L and DIR-806A1 router microprogramming system, related to the lack of data cleaning at the control level, allows a perpetrator to execute arbitrary commands.

The vulnerability of the sub175C8 function in the /htdocs/soap.cgi file of the D-Link DIR-890L and DIR-806A1 routers’ microprogramming software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability can allow an attacker operating remotely to...

Alibaba Cloud Linux 3 : 0097: pcp (ALINUX3-SA-2024:0097)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0097 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-3019: A flaw was found in PCP. The default...

Alibaba Cloud Linux 3 : 0031: vim (ALINUX3-SA-2022:0031)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0031 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-12735: getchar.c in Vim before...

The vulnerability of the ssdpcgi_main function in the binary file cgibin of D-Link DIR-815 router microprogramming software, allowing a hacker to execute any command they desire.

The vulnerability of the ssdpcgimain function in the binary file cgibin of D-Link DIR-815 router microprogramming software is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVE-2025-30012

The Live Auction Cockpit in SAP Supplier Relationship Management SRM uses a deprecated java applet component, which allows an unauthenticated attacker to send malicious payload request in a specific encoding format. The servlet will then decode this malicious request which will result in...

F5 BIG-IP 16.1.4.1 Remote Command Execution

F5 BIG-IP version 16.1.4.1 suffers from a command injection vulnerability via an authenticated user with administrator privileges...

The vulnerability of the SetVirtualServerSettings module in D-Link DIR-853 A1 router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the SetVirtualServerSettings module in D-Link DIR-853 A1 router microprogramming software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

Exploit for CVE-2025-47227

ScriptCase - Pre-Authenticated Remote Command Execution Ch...

The vulnerability of the setDeviceName() function in the global.so library of the TOTOLink A950RG router’s software allows a intruder to execute arbitrary commands.

The vulnerability of the setDeviceName function in the global.so library of the TOTOLink A950RG router’s software is due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands by processing the...

SonicWALL SMA100 安全漏洞

The SonicWall SMA100 is a secure access gateway appliance from SonicWall USA. An input validation vulnerability exists in the SonicWall SMA100 SSL-VPN, which can be exploited by a remote attacker to submit a special request that can inject shell commands, upload files, and execute arbitrary...

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass through the dispatchReadPump function. An attacker can execute arbitrary commands by sending specially crafted websocket requests. PoC echo -e '"type": "command", "content": "id"' |./websocat...

PT-2025-20322 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a remote command execution in the Apache HTTP Server. No specific details about the number of potentially affected devices or real-world incidents are provided...

Azure Linux 3.0 Security Update: pytorch (CVE-2025-32434)

The version of pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-32434 advisory. - PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural...

CBL Mariner 2.0 Security Update: pytorch (CVE-2025-32434)

The version of pytorch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-32434 advisory. - PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural...

CVE-2025-25504

An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC In AV over IP products v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges...

The vulnerability of the ping_ddns() function in the internet.cgi scenario of the Wavlink WN530H4, WN530HG4, and WN572HG3 routers allows attackers to execute arbitrary commands.

The vulnerability of the pingddns function in the internet.cgi scenario of the Wavlink WN530H4, WN530HG4, and WN572HG3 routers is related to the lack of data cleaning at the management level when processing DDNS parameters. Exploiting this vulnerability allows a remote attacker to execute arbitra...

CVE-2025-25504

Gefen WebFWC (In AV over IP) versions 1.70, 1.85h, and 1.86v contain an unauthenticated remote command execution flaw in /usr/local/bin/jncs.sh. Attackers with network access can reach TCP port 4444 and execute commands with root privileges. The vulnerability is documented across multiple sources...

The vulnerability of UserGate Next-Generation Firewall (NGFW) and UserGate Web Application Firewall (WAF) at the web application level arises from the failure to implement measures to neutralize specific elements. This allows attackers to execute arbitrary operating system commands with maximum privileges.

The vulnerability of UserGate Next-Generation Firewall NGFW and UserGate Web Application Firewall WAF at the web application level is related to the failure to implement measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute any command on the...

CVE-2025-44837

TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44864

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...