15280 matches found
CVE-2024-52875
An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response...
CVE-2024-52875
An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response...
CVE-2024-52875
An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response...
CVE-2024-52875
An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response...
CVE-2024-52875
Kerio Control (GFI) versions 9.2.5–9.4.5 are affected by a CRLF/HTTP response splitting vulnerability that abuses the dest parameter in GET requests to generate a Location header in a 302 response, enabling Open Redirect and HTTP Response Splitting, which can lead to reflected XSS. The issue affe...
CVE-2025-24505
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file...
CVE-2025-24505
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file...
CVE-2025-24505
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file...
CVE-2025-24505
Technical details about CVE-2025-24505, including affected products, versions, root cause, and fixes, are not publicly available in the provided connected documents. Monitor for updates.
PT-2025-5377 · Unknown · Symantec Privileged Access Management
Name of the Vulnerable Software and Affected Versions: Privileged Access Management System affected versions not specified Description: This issue allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrad...
The vulnerability of the web interface of the microprogramming software for routers EDIMAX BR-6476AC allows a hacker to enhance their privileges and execute arbitrary commands.
The vulnerability of the web interface of the microprogrammed software router EDIMAX BR-6476AC is related to the lack of measures taken for data cleaning at the management level. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and execute arbitrary commands...
VulnCheck KEV: CVE-2024-40891
Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet...
The vulnerability of the latex_pickle_io.py module in the GPT Academic machine learning application allows a hacker to execute arbitrary commands.
The vulnerability of the latexpickleio.py module in the GPT Academic machine learning application is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability in the web interface for controlling microprogrammed software-based network storage devices STEALTHONE D220, D340, and D440 allows a perpetrator to execute arbitrary commands.
The vulnerability of the web-based interface for managing microprogrammed software-based network storage devices STEALTHONE D220, D340, and D440 is related to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows ...
CVE-2025-22604 Cacti has Authenticated RCE via multi-line SNMP responses
Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ssnetsnmpdiskio or ssnetsnmpdiskbytes, a part of each OID will be used as a key in an array that is...
TRENDnet TEW-632BRP 安全漏洞
The TRENDnet TEW-632BRP is a wireless router from Trendnet, Inc. A security vulnerability exists in TRENDnet TEW-632BRP version 1.010B31, which originates from an OS command injection vulnerability in the CGl interface ntpsync.cgi, which allows remote attackers to execute arbitrary commands...
The vulnerability of the IBM Sterling Secure Proxy proxy server stems from the improper validation of specified input types, allowing attackers to execute arbitrary commands.
The vulnerability of the IBM Sterling Secure Proxy proxy server is related to incorrect validation of the specified data type during input processing. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...
The vulnerability of the telnetd daemon in the microprogramming-based router software of Tenda AC8, AC10, and AC18 allows a hacker to execute arbitrary commands.
The vulnerability of the telnetd microprogramming system for Tenda AC8, AC10, and AC18 routers is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2025-22612
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a coolify instance in plain text. If the server configuration of IP ...
CVE-2025-22612 Coolify Vulnerable to Private Key Enumeration on Onboarding resulting in Remote Command Execution (RCE)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a coolify instance in plain text. If the server configuration of IP ...