15280 matches found
The vulnerability of the apcli_wps_gen_pincode() function in the mtkwifi.lua script of the TOTOLINK X5000R router’s software allows a hacker to execute arbitrary commands.
The vulnerability of the apcli_wps_gen_pincode function in the mtkwifi.lua script of the TOTOLINK X5000R router’s software is related to the lack of measures taken to secure input data at the control level. Exploiting this vulnerability could allow an attacker to execute arbitrary commands remotely...
The vulnerability of the setWebWlanIdx() function in TOTOLINK CP900 router firmware allows an intruder to execute arbitrary commands.
The vulnerability of the setWebWlanIdx function in TOTOLINK CP900 router firmware lies in the lack of measures taken to neutralize special elements during the processing of the webWlanIdx parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the TMOS Shell configuration tool’s iControl REST interface allows attackers to execute arbitrary commands. This vulnerability relates to the BIG-IP Access Policy Manager, as well as software programs such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Carrier-Grade NAT (CGNAT), BIG-IP DDoS Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP SSL Orchestrator, BIG-IP WebAccelerator, and BIG-IP WebSafe.
The vulnerability of the TMOS Shell configuration tool’s iControl REST interface exists due to the lack of measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
Critical: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.9 on RHEL 7 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
Siemens SCALANCE W700 Improper Input Validation (CVE-2025-24499)
Affected devices do not properly validate input while loading the configuration files. This could allow an authenticated remote attacker to execute arbitrary shell commands on the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
The vulnerability of D-Link DSL-3782 router firmware, related to the lack of measures to neutralize special elements, allows a hacker to execute arbitrary commands.
The vulnerability of D-Link DSL-3782 router firmware is related to the lack of measures taken to neutralize special elements during the processing of the publictype parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the TestEmail command in the Reolink RLC-410W, C1 Pro, Reolink C2 Pro, RLC-422W, and RLC-511W software-based cameras allows an intruder to execute arbitrary commands.
The vulnerability of the TestEmail command in the Reolink RLC-410W, C1 Pro, Reolink C2 Pro, RLC-422W, and RLC-511W software-based cameras is related to the failure to take measures to neutralize special elements during the processing of the addr1 field. Exploiting this vulnerability can allow a...
CVE-2025-25507
There is an RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution...
CVE-2025-25507
CVE-2025-25507 affects Tenda AC6, specifically version 15.03.05.16_multi. The vulnerability is an RCE in the formexeCommand function where the cmdinput parameter enables remote command execution. This is corroborated by multiple sources in the connected set (e.g., PT-2025-7557 notes the RCE in fo...
Malicious code in mygcpconfusedfunctionpoctestpackage (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d791e46a1741fda065be23dc9ee80e6237ac32eeee9718c46c2f50070d84c30f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability in the web interface of the Cisco AsyncOS operating system allows a hacker to escalate their privileges and execute arbitrary commands.
The vulnerability of the Cisco AsyncOS operating system’s web interface is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to escalate their privileges and execute arbitrary commands remotely...
The vulnerability of the sub_422eb8() function in Linksys E8450 Wi-Fi router software allows a hacker to execute arbitrary commands.
The vulnerability of the sub_422eb8 function in Linksys E8450 Wi-Fi router firmware is related to the lack of measures taken to neutralize special elements used in the operating system’s command processing for handling the wizardstatus parameter. Exploiting this vulnerability...
The vulnerability of the CGI script VirtualServer.asp in the firmware for D-Link DSL-3782 allows a hacker to execute arbitrary commands.
The vulnerability of the CGI script VirtualServer.asp in the D-Link DSL-3782 router firmware is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the setL2tpServerCfg() function in the cstecgi.cgi script of the TOTOLINK X5000R router’s software allows a hacker to execute arbitrary commands.
The vulnerability of the setL2tpServerCfg function in the cstecgi.cgi script of the TOTOLINK X5000R router’s firmware is related to the failure to take measures to neutralize special elements used in the operating system’s command processing when dealing with parameters such as mtu...
Malicious code in sysaid-infra-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32067df7060881cbe716c03dd7dc8c3b443263f314412e89e99a435622227b1e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...