PT-2025-16108 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server (affected versions not specified). Description: The issue concerns an unauthenticated remote command execution. No information is provided about the estimated number of potentially affected devices worldwide or real-world...
AquilaCMS 1.409.20 Remote Command Execution
AquilaCMS version 1.409.20 suffers from a remote command execution vulnerability. Exploit Title: AquilaCMS 1.409.20 - Remote Command Execution RCE Unauthenticated Date: 2024-10-25 Exploit Author: Eui Chul Chung Vendor Homepage: https://www.aquila-cms.com/ Software Link:...
AquilaCMS 1.409.20 - Remote Command Execution (RCE)
Exploit Title: AquilaCMS 1.409.20 - Remote Command Execution RCE Date: 2024-10-25 Exploit Author: Eui Chul Chung Vendor Homepage: https://www.aquila-cms.com/ Software Link: https://github.com/AquilaCMS/AquilaCMS Version: v1.409.20 CVE: CVE-2024-48572, CVE-2024-48573 import io import json import...
CVE-2025-27797
The CVE-2025-27797 entry affects Inaba Denki Sangyo Wi‑Fi AP UNIT AC-WPS‑11ac series. The root cause is an OS command injection in a specific service, allowing a remote attacker who can log in to the product to execute arbitrary OS commands. Impact is described as remote command execution with hi...
A vulnerability in the Palo Alto Networks GlobalProtect App, software for providing secure remote access to data. It stems from an open and insecure ActiveX method, allowing attackers to execute arbitrary commands.
The vulnerability in the Palo Alto Networks GlobalProtect App, software for providing secure remote access to data, is related to an open and insecure ActiveX method. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
A vulnerability in the `setUpgradeFW` function in TOTOLINK CP450 router firmware allows a hacker to execute arbitrary commands.
The vulnerability in the setUpgradeFW function in TOTOLINK CP450 router firmware is related to the lack of input data sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the FileName parameter...
A vulnerability in the formMapDelDevice function in the firmware for TOTOLINK A3002R allows an intruder to execute arbitrary commands.
The vulnerability in the formMapDelDevice function in the firmware of TOTOLINK A3002R routers lies in the lack of measures to neutralize the special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the setWebWlanIdx function in the /lib/cste_modules/wireless.so file of the TOTOLINK A3100R router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the setWebWlanIdx function in the /lib/cste_modules/wireless.so module of the TOTOLINK A3100R router firmware is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a...
Inaba Denki Sangyo Wi-Fi AP UNIT operating system command injection vulnerability
The Inaba Denki Sangyo Wi-Fi AP UNIT is a Wi-Fi AP unit from Inaba Denki Sangyo, a Japanese company. An operating system command injection vulnerability exists in Inaba Denki Sangyo Wi-Fi AP UNIT v2.0.03P and prior versions, which stems from a service-specific operating system command injection...
A vulnerability in the apcli Cancel_wps() function (/usr/lib/lua/luci/controller/mtkwifi.lua) in the TOTOLINK A6000R router software allows an attacker to execute arbitrary commands or cause service interruptions.
The vulnerability in the apcliCancelwps function in /usr/lib/lua/luci/controller/mtkwifi.lua of the TOTOLINK A6000R router software is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to...
Exploit for Improper Neutralization in Microsoft
CVE-2025-26633 - MSC EvilTwin PoC Proof of Concept PoC...
CVE-2025-27078
CVE-2025-27078 affects HPE AOS-8 Instant and AOS-10 AP — a vulnerability in a system binary that could allow an authenticated remote attacker to inject commands into the underlying operating system via the CLI, potentially leading to complete system compromise. The NVD/NVD-derived metrics indicat...
CVE-2025-27078 Authenticated Remote Command Execution caused by Insecure Function Usage in System Binary
A vulnerability in a system binary of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to inject commands into the underlying operating system while using the CLI. Successful exploitation could lead to complete system compromise...
CVE-2025-3361
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server...
CVE-2025-3363 HGiga iSherlock - OS Command Injection
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server...
CVE-2025-3363
CVE-2025-3363 affects HGiga’s iSherlock web service. The vulnerability is an OS command injection in the web service, allowing unauthenticated remote attackers to inject and execute arbitrary system commands on the server. Affected: iSherlock web service; root cause is improper handling of input ...
Appsmith RCE
An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. Module Options msf use exploit/linux/http/appsmithrcecve202455964 msf exploitappsmithrcecve202455964 show targets ...targets... msf...
A vulnerability in the executable file of the mangle platform for application deployment and management allows a perpetrator to execute arbitrary system commands.
The vulnerability in the executable file of the mangle platform for application deployment and management is related to a buffer overflow in the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary system commands by sending specially crafted HTTP requests remotely...
Appsmith Remote Code Execution
An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...
CVE-2025-29987
Dell PowerProtect Data Domain with Data Domain Operating System DD OS versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root...