CVE-2025-11138

A vulnerability was found in mirweiye wenkucms up to 3.4. This impacts the function createPathOne of the file app/common/common.php. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used...

Western Digital My Cloud 安全漏洞

Western Digital My Cloud is a personal cloud storage device from Western Digital. A security vulnerability exists in Western Digital My Cloud versions prior to 5.31.108, which stems from the user interface not handling input correctly and could lead to remote command execution...

D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23367)

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that can be exploited by an attacker to cause remote command execution...

wenkucms 操作系统命令注入漏洞

wenkucms is a content management system by mirweiye personal developer. An OS command injection vulnerability exists in wenkucms 3.4 and earlier versions, which originates from a misuse of the function createPathOne in the file app/common/common.php, which could lead to a remote command injection...

D-Link DIR-823X 命令注入漏洞

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that can be exploited by an attacker to cause remote command execution...

CVE-2025-11073 Keyfactor RG-EW5100BE HTTP POST Request cmd command injection

A vulnerability was detected in Keyfactor RG-EW5100BE EW3.0B11P280EW5100BE-PRO12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. The attack can be...

Ruijie RG-EW5100BE 命令注入漏洞

The Ruijie RG-EW5100BE is a wireless router from China Ruijie Ruijie. A command injection vulnerability exists in the Ruijie RG-EW5100BE EW3.0B11P280EW5100BE-PRO12183019 version, which originates from the incorrect operation of the parameter url in the file /cgi-bin/luci/api/cmd, and could lead t...

PT-2025-39770

CVE-2025-60029 - Intel NUC Router Unauthenticated Remote Command Execution CVE ID : CVE-2025-60029 Published : Sept. 26, 2025, 3:15 a.m. | 4 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products,...

CVE-2025-59815

This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Exploitation can compromise the device’s availability, confidentiality, and integrity...

CVE-2025-59817

This vulnerability allows attackers to execute arbitrary commands on the underlying system. Because the web portal runs with root privileges, successful exploitation grants full control over the device, potentially compromising its availability, confidentiality, and integrity...

Zenitel ICX500和Zenitel ICX510 安全漏洞

Zenitel ICX500 and Zenitel ICX510 are both communication and control platforms from Zenitel Norway. A security vulnerability exists in the Zenitel ICX500 and Zenitel ICX510 that originates from a malicious actor that can execute arbitrary commands, potentially compromising device availability,...

Exploit for Origin Validation Error in Edex-Ui_Project Edex-Ui

CVE-2023-30856 Security Patch for eDEX-UI ⚠️ Critical Secu...

CVE-2025-57685

The LB-Link routers, including the BL-AC2100AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000AE4 v2.4.9, BL-AC1900AZ2 v1.0.2, BL-X26AC8 v1.2.8, and BL-LTE300DA4 V1.2.3 models, are vulnerable to unauthorized command injection. Attackers can exploit this vulnerability by accessing the /goform/setserialcfg...

CVE-2023-49565

The cbismanager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen Python function without...

📄 aaPanel 7.x.x Remote Command Execution

aaPanel version 7.x.x suffers from an authenticated remote command execution vulnerability. This was discovered prior and noted in CVE-2020-14421 where it states that it affects versions 6.6.6 and below. The developers claim it is patched but it still affects the 7.x.x version. This is...

CVE-2023-49565

The cbismanager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen Python function without...

CVE-2023-49565

The CVE-2023-49565 entry concerns the cbis_manager Podman container. The vulnerability allows remote command execution through the /api/plugins endpoint due to improper sanitization of HTTP headers X-FILENAME, X-PAGE, and X-FIELD, which are directly used by a subprocess.Popen call without suffici...

CVE-2025-9972

Certain models of Industrial Cellular Gateway developed by Planet Technology have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the device...

SUSE SLES15 Security Update : pcp (SUSE-SU-2025:03233-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03233-1 advisory. - CVE-2024-3019: exposure of the redis server backend allows remote command execution via pmproxy bsc1222121. Tenable has extracted the...

CVE-2025-37126 Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as...