15279 matches found
CVE-2025-44835
D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell...
Erlang OTP Pre-Auth RCE Scanner and Exploit
This module detects and exploits CVE-2025-32433, a pre-authentication vulnerability in Erlang-based SSH servers that allows remote command execution. By sending crafted SSH packets, it executes a payload to establish a reverse shell on the target system. The exploit leverages a flaw in the SSH...
Exploit for Missing Authorization in Spicethemes Newsblogger
🚨 WordPress NewsBlogger Theme = 0.2.5.1 - Arbitrary File Uplo...
A vulnerability in the firmware of PLANET Technology switches arises from a failure to neutralize special elements, allowing attackers to execute arbitrary commands.
The vulnerability in PLANET Technology’s firmware exists due to a failure to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the /goform/set_prohibiting function in the firmware of the D-Link DIR-823X AX3000 allows an attacker to execute arbitrary commands.
The vulnerability in the /goform/setprohibiting function in the firmware of D-Link DIR-823X AX3000 routers stems from a failure to sanitize data at the control level. Exploitation of this vulnerability allows a remote attacker to execute arbitrary commands by...
📄 Erlang-Based SSH OTP Pre-Authentication Remote Code Execution
This Metasploit module detects and exploits CVE-2025-32433, a pre-authentication vulnerability in Erlang-based SSH servers that allows remote command execution. By sending crafted SSH packets, it executes a payload to establish a reverse shell on the target system. The exploit leverages a flaw in...
CVE-2025-44843
TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
Malicious code in lezer-snowsql (npm)
Source: ghsa-malware 79d686dc87e1e046c8091bd313f15cba6ccc513fa0effa19a8798c4d23e066c5. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-44838
TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44861
TOTOLINK CA300-POE V6.2c.884B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
KUNBUS Revolution Pi OS Bookworm Security Vulnerability
KUNBUS Revolution Pi OS Bookworm is an industrial-grade real-time operating system based on Debian Bookworm from KUNBUS. A security vulnerability exists in KUNBUS Revolution Pi OS Bookworm 01/2025 that stems from the Node-RED server not being configured for authentication by default, which could...
CVE-2025-44835
D-Link DIR-816 A2V1.1.0B05 is affected by a command injection in the iptablesWebsFilterRun function, enabling remote attackers to execute arbitrary shell commands. This vulnerability has been described across multiple sources (including Red Hat/CVE data and PT Security advisories) with a consiste...
CVE-2025-44865
CVE-2025-44865 affects Tenda W20E, specifically version 15.11.0.6, with a flaw in the formSetDebugCfg function via the enable parameter that permits command injection. The vulnerability could allow an attacker to execute arbitrary commands through a crafted request. Publicly documented details co...
A vulnerability in the setScheduleCfg function in the firmware of the TOTOLINK X5000R allows an attacker to execute arbitrary commands.
The vulnerability in the setScheduleCfg function in TOTOLINK X5000R router firmware exists due to a failure to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by manipulating the week parameter...
A vulnerability in the setScheduleCfg function in the firmware of the TOTOLINK X5000R allows an attacker to execute arbitrary commands.
The vulnerability in the setScheduleCfg function in TOTOLINK X5000R router firmware exists due to a failure to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by manipulating the hour parameter...
A vulnerability in ZyEE software in Wi-Fi amplifiers, subscriber terminals, and DSL/Ethernet CPE routers allows an attacker to execute arbitrary commands.
The vulnerability in ZyEE software for Wi-Fi amplifiers, subscriber terminals, and DSL/Ethernet CPE routers exists due to a failure to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...