15228 matches found

EUVD
added 2025/10/14 6:30 p.m. | 2 views

EUVD-2025-34254

A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

7.2 CVSS | 7.3 AI score | 0.0029 EPSS
Exploits: 0 | References: 2

NVD
added 2025/10/14 5:15 p.m. | 2 views

CVE-2025-37146

A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

7.2 CVSS | 0.0029 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/10/14 4:42 p.m. | 4 views

CVE-2025-37146 Unauthorized Filesystem Operations in System Firmware allow Authenticated Remote Code Execution

A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

7.2 CVSS | 0.0029 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/14 4:42 p.m. | 1 view

CVE-2025-37146 Unauthorized Filesystem Operations in System Firmware allow Authenticated Remote Code Execution

A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

7.2 CVSS | 7.4 AI score | 0.0029 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/10/14 8:54 a.m. | 4 views

CVE-2025-46581 ZTE ZXCDN product has a Struts RCE Vulnerability

ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An unauthenticated attacker can remotely execute commands with non-root privileges...

9.8 CVSS | 0.00343 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/14 8:54 a.m. | 3 views

CVE-2025-46581 ZTE ZXCDN product has a Struts RCE Vulnerability

ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An unauthenticated attacker can remotely execute commands with non-root privileges...

9.8 CVSS | 8.2 AI score | 0.00343 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/14 12:00 a.m. | 3 views

PT-2025-41990

Name of the Vulnerable Software and Affected Versions: network access point configuration services (affected versions not specified). Description: A flaw exists in the web-based management interface of network access point configuration services that could allow a remote attacker with authentication t...

7.2 CVSS | 7.2 AI score | 0.0029 EPSS
Exploits: 0 | References: 3

CVE
added 2025/10/10 9:52 a.m. | 11 views

CVE-2025-30001

Apache StreamPark has a vulnerability described as an Incorrect Execution-Assigned Permissions issue that, in versions 2.1.4 up to but not including 2.1.6, can allow authenticated users to trigger remote command execution. PT-security and multiple CVE references converge on this issue, noting tha...

7.3 CVSS | 6.6 AI score | 0.00272 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2025/10/09 6:30 p.m. | 4 views

EUVD-2025-33371

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's...

6.1 CVSS | 6.5 AI score | 0.00035 EPSS
Exploits: 0 | References: 2

CVE
added 2025/10/09 3:46 p.m. | 10 views

CVE-2025-10283

BBOT’s gitdumper module is vulnerable due to insufficient sanitization of .git data, enabling Directory Traversal that can lead to Remote Code Execution when processing a malicious git repository. Affected component: bbot gitdumper.py (processing of .git/config and related index/file handling as...

9.6 CVSS | 6.9 AI score | 0.00066 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/09 2:22 p.m. | 2 views

EUVD-2025-33343

scio is vulnerable to Remote Command Execution through PyTorch...

6.6 AI score
Exploits: 0 | References: 3

OSV
added 2025/10/09 2:22 p.m. | 3 views

GHSA-M9MP-6X32-5RHG scio is vulnerable to Remote Command Execution through PyTorch

Impact: PyTorch reported a critical vulnerability when using torch.load, even with option weights_only=True, for torch = 2.6, starting from scio = 1.0.1 currently in dev state. Workarounds: You can manually check that you are using torch = 2.6...

9.3 CVSS | 6.9 AI score
Exploits: 0 | References: 3

RedhatCVE
added 2025/10/09 12:14 a.m. | 3 views

CVE-2025-53967

Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize...

8 CVSS | 7.7 AI score | 0.00011 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/08 10:43 p.m. | 1 view

CVE-2025-61913 Flowise is vulnerable to arbitrary file read, arbitrary file write

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any...

9.9 CVSS | 6.9 AI score | 0.01058 EPSS
Exploits: 1 | References: 4

OSV
added 2025/10/08 10:43 p.m. | 2 views

CVE-2025-61913 Flowise is vulnerable to arbitrary file read, arbitrary file write

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any...

9.9 CVSS | 6.9 AI score | 0.01058 EPSS
Exploits: 1 | References: 6

OSV
added 2025/10/08 5:15 p.m. | 1 view

CVE-2025-53967

Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize...

8 CVSS | 7.8 AI score
Exploits: 0 | References: 3

EUVD
added 2025/10/08 12:31 a.m. | 2 views

EUVD-2025-31868

EUVD-2025-31868...

6.5 CVSS | 6.5 AI score | 0.00042 EPSS
Exploits: 1 | References: 6

CVE
added 2025/10/08 12:00 a.m. | 20 views

CVE-2025-53967

CVE-2025-53967 affects Framelink Figma MCP Server prior to 0.6.3. The vulnerability is a command injection in the MCP server’s input handling, where user-controlled data is interpolated into shell commands (via a curl fallback in fetch-with-retry), enabling an unauthenticated remote attacker to e...

8 CVSS | 7.3 AI score | 0.00011 EPSS
Exploits: 0 | References: 3

Cvelist
added 2025/10/08 12:00 a.m. | 6 views

CVE-2025-53967

Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize...

8 CVSS | 0.00011 EPSS
Exploits: 0 | References: 3

CNNVD
added 2025/10/08 12:00 a.m. | 4 views

Flowise Path Traversal Vulnerability

Flowise is a FlowiseAI open source tool for easily building LLM applications. A path traversal vulnerability exists in versions prior to Flowise 3.0.8, which stems from unrestricted file path access in WriteFileTool and ReadFileTool, and could lead to arbitrary file reads and writes and remote...

9.9 CVSS | 6.9 AI score | 0.01058 EPSS
Exploits: 1 | References: 4