
15280 matches found

Cvelist
added 2025/01/23 11:37 a.m. | 53 views

CVE-2025-23006

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console AMC and Central Management Console CMC, which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands...

EPSS 0.2236
Exploits: 1 | References: 1
CVE
added 2025/01/23 11:37 a.m. | 341 views

CVE-2025-23006

Summary (CVE-2025-23006): SonicWall SMA1000 appliances’ Appliance/Central Management Console suffer a pre-authentication deserialization vulnerability that could allow a remote unauthenticated attacker to execute arbitrary OS commands. Exploitation and CVSS indicate critical risk (AV:N/AC:L/PR:N/...

CVSS 9.8 | AI score 7.5 | EPSS 0.2236
In wild | Exploits: 1 | References: 2 | Affected Software: 1
GithubExploit
added 2025/01/23 10:28 a.m. | 566 views

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apache Tomcat

CVE-2024-50379-Exploit This repository provides a Python scri...

CVSS 9.8 | AI score 9.5 | EPSS 0.42316
Exploits: 13
ATTACKERKB
added 2025/01/23 12:0 a.m. | 76 views

CVE-2025-23006

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console AMC and Central Management Console CMC, which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. Rece...

CVSS 9.8 | AI score 7.8 | EPSS 0.2236
In wild | Exploits: 1 | References: 3
SonicWall
added 2025/01/22 12:45 p.m. | 31 views

SMA1000 Pre-Authentication Remote Command Execution Vulnerability

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console AMC and Central Management Console CMC, which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS...

CVSS 9.8 | AI score 9.8 | EPSS 0.2236
Exploits: 1
VulnCheck KEV
added 2025/01/22 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2025-23006

SonicWall SMA1000 Appliance Management Console AMC and Central Management Console CMC contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands...

CVSS 9.8 | AI score 7.5 | EPSS 0.2236
Exploits: 1 | References: 1
BDU FSTEC
added 2025/01/22 12:0 a.m. | 7 views

The vulnerability of the hnap_main function in the D-LINK GO-RT-AC750 router’s software allows a hacker to execute arbitrary commands.

The vulnerability of the hnap_main function in the D-LINK GO-RT-AC750 router’s microprogramming software is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary comman...

CVSS 10 | AI score 8.4 | EPSS 0.10179
Exploits: 1 | References: 3
BDU FSTEC
added 2025/01/22 12:0 a.m. | 4 views

The vulnerability of the setVpnAccountCfg function in the microprogramming software for TOTOLINK X5000R allows a perpetrator to execute arbitrary commands.

The vulnerability of the setVpnAccountCfg function in TOTOLINK X5000R router microprogramming software lies in the lack of measures to neutralize special elements used in the operating system’s processing of the limit parameter. Exploiting this vulnerability allows a remote attacker to execute...

CVSS 10 | AI score 8.3 | EPSS 0.01573
Exploits: 1 | References: 3 | Affected Software: 1
GithubExploit
added 2025/01/21 9:41 a.m. | 677 views

Exploit for Server-Side Request Forgery in Havocframework Havoc

CVE-2024-41570 | Havoc C2 SSRF with RCE | Automated Reverse Sh...

CVSS 9.8 | AI score 7.1 | EPSS 0.02909
Exploits: 6
BDU FSTEC
added 2025/01/21 12:0 a.m. | 5 views

The vulnerability of the graphical interface of the Fortinet FortiManager software, a centralized device management tool, allows a hacker to execute arbitrary commands.

The vulnerability of the graphical interface of the Fortinet FortiManager device management software is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...

CVSS 9 | AI score 5.9 | EPSS 0.01055
Exploits: 0 | References: 3 | Affected Software: 2
BDU FSTEC
added 2025/01/21 12:0 a.m. | 4 views

The vulnerability of IBM Concert Software’s artificial intelligence-based automation tool lies in its improper handling of output data from registration logs, allowing a hacker to execute arbitrary commands.

The vulnerability of IBM Concert Software’s artificial intelligence-based automation tool is related to incorrect processing of output data for registration logs. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 5.5 | AI score 6.8 | EPSS 0.00251
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2025/01/20 12:0 a.m. | 4 views

The vulnerability of the QNAP License Center software lies in its failure to take measures to neutralize special elements used in the operating system’s command set, allowing a violator to execute arbitrary commands.

The vulnerability of the QNAP License Center software management tool is related to the failure to take measures to neutralize special elements used in the operating system command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 10 | AI score 5.9 | EPSS 0.01023
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2025/01/20 12:0 a.m. | 6 views

The vulnerability of the CSFD software of the Fortinet FortiManager device allows an intruder to execute arbitrary commands.

The vulnerability of the Fortinet FortiManager device management software allows for arbitrary commands to be executed by a malicious actor who operates remotely. This vulnerability is related to the lack of measures taken to neutralize special elements used within the operating system...

CVSS 9 | AI score 5.5 | EPSS 0.02083
Exploits: 0 | References: 3 | Affected Software: 2
BDU FSTEC
added 2025/01/19 12:0 a.m. | 3 views

The vulnerability of the set_add_routing() function in the internet.cgi script of the Wavlink AC3000 (WL-WN533A8) router microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the set_add_routing function in the internet.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the lack of data cleaning measures at the control level when processing the gateway parameter. Exploiting this vulnerability allows a remote...

CVSS 9.1 | AI score 5.9 | EPSS 0.04815
Exploits: 1 | References: 5 | Affected Software: 1
BDU FSTEC
added 2025/01/19 12:0 a.m. | 3 views

The vulnerability of the set_sys_init() function in the login.cgi script of the Wavlink AC3000 router microprogramming system (WL-WN533A8) allows a hacker to execute arbitrary commands.

The vulnerability of the set_sys_init function in the login.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the lack of data cleaning measures at the control level when processing the restartminvalue parameter. Exploiting this vulnerability allows a remote...

CVSS 10 | AI score 5.9 | EPSS 0.17378
Exploits: 1 | References: 5 | Affected Software: 1
BDU FSTEC
added 2025/01/19 12:0 a.m. | 5 views

The vulnerability of the set_sys_init() function in the login.cgi script of the Wavlink AC3000 router microprogramming system (WL-WN533A8) allows a hacker to execute arbitrary commands.

The vulnerability of the set_sys_init function in the login.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the lack of data cleaning at the control level when processing the restartweekvalue parameter. Exploiting this vulnerability allows a remote attacker ...

CVSS 10 | AI score 8.2 | EPSS 0.08168
Exploits: 1 | References: 5 | Affected Software: 1
BDU FSTEC
added 2025/01/19 12:0 a.m. | 4 views

The vulnerability of the set_sys_init() function in the login.cgi script of the Wavlink AC3000 router microprogramming system (WL-WN533A8) allows a hacker to execute arbitrary commands.

The vulnerability of the set_sys_init function in the login.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the lack of data cleaning at the control level when processing the restarthourvalue parameter. Exploiting this vulnerability allows a remote attacker ...

CVSS 10 | AI score 8.2 | EPSS 0.08168
Exploits: 1 | References: 5 | Affected Software: 1
BDU FSTEC
added 2025/01/19 12:0 a.m. | 5 views

The vulnerability of the set_add_routing() function in the internet.cgi script of the Wavlink AC3000 (WL-WN533A8) router microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the set_add_routing function in the internet.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the lack of data cleaning at the control level when processing the netmask parameter. Exploiting this vulnerability allows a remote attacker to...

CVSS 9.1 | AI score 8.2 | EPSS 0.05876
Exploits: 1 | References: 5 | Affected Software: 1
Vulnrichment
added 2025/01/16 1:37 a.m. | 4 views

CVE-2025-0457 NetVision Information airPASS - OS Command Injection

The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands...

CVSS 8.8 | AI score 8.2 | EPSS 0.00925
Exploits: 0 | References: 2
Positive Technologies
added 2025/01/16 12:0 a.m. | 3 views

PT-2025-3893 · Netvision Information · Airpass

Name of the Vulnerable Software and Affected Versions: airPASS from NetVision Information affected versions not specified Description: The issue allows remote attackers with regular privileges to inject and execute arbitrary OS commands. This is due to an OS Command Injection vulnerability...

CVSS 8.8 | AI score 8 | EPSS 0.00925
Exploits: 0 | References: 7