15257 matches found

Tenable Nessus
added 2025/08/30 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-14295

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the...

CVSS 7.2 | AI score 7.8 | EPSS 0.78686
Exploits 9 | References 2

Tenable Nessus
added 2025/08/30 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-12483

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscoveranalyser rzo GET...

CVSS 9 | AI score 7.9 | EPSS 0.01649
Exploits 1 | References 2

OSV
added 2025/08/29 6:15 p.m. | 0 views

CVE-2025-9377

The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7EU V2 and TL-WR841N/NDMS V9. This issue affects Archer C7EU V2: before 241108 and TL-WR841N/NDMS V9: before 241108. Both products have reached the status of EOL (end-of-life). It's...

CVSS 7.2 | AI score 6 | EPSS 0.26907
Exploits 0 | References 3

NVD
added 2025/08/29 6:15 p.m. | 3 views

CVE-2025-9377

The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7EU V2 and TL-WR841N/NDMS V9. This issue affects Archer C7EU V2: before 241108 and TL-WR841N/NDMS V9: before 241108. Both products have reached the status of EOL (end-of-life). It's...

CVSS 8.6 | EPSS 0.26907
Exploits 0 | References 3

Vulnrichment
added 2025/08/29 5:15 p.m. | 1 view

CVE-2025-30264 QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145...

CVSS 7.7 | AI score 7.5 | EPSS 0.00339
Exploits 0 | References 1

VulnCheck KEV
added 2025/08/29 12:00 a.m. | 0 views

VulnCheck KEV: CVE-2025-9377

The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7EU V2 and TL-WR841N/NDMS V9. This issue affects Archer C7EU V2: before 241108 and TL-WR841N/NDMS V9: before 241108. Both products have reached the status of EOL (end-of-life). It's...

CVSS 8.6 | AI score 6 | EPSS 0.26907
In wild | Exploits 0 | References 7

CNNVD
added 2025/08/29 12:00 a.m. | 4 views

TP-LINK multiple products security vulnerability

TP-LINK TL-WR841ND and so on are products of China P&L TP-LINK company. TP-LINK TL-WR841ND is a wireless router. TP-Link Archer C7 and so on are products of China P&L TP-Link company. TP-Link Archer C7 is a router. TP-Link TL-WR841N is a router. A security vulnerability exists in a number of TP-LINK...

CVSS 8.6 | AI score 6.9 | EPSS 0.26907
Exploits 0 | References 4

Positive Technologies
added 2025/08/29 12:00 a.m. | 4 views

PT-2025-35298

Name of the Vulnerable Software and Affected Versions: TP-Link Archer C7EU V2 versions prior to 241108; TP-Link TL-WR841N/NDMS V9 versions prior to 241108. Description: An authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7EU V2 and...

CVSS 9 | AI score 7.4 | EPSS 0.26907
Exploits 0 | References 52

IBM Security Bulletins
added 2025/08/28 3:24 p.m. | 7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Remote Command Execution in PyTorch [CVE-2025-32434]

Summary: IBM Watson Speech Services Cartridge is vulnerable to a Remote Command Execution in PyTorch, due to a condition that exists when loading a model using torch.load with weights_only=True (CVE-2025-32434). PyTorch is used in our speech service runtimes. This vulnerability has been addressed...

CVSS 9.8 | AI score 9.1 | EPSS 0.0043
Exploits 1 | Affected Software 1

NVD
added 2025/08/27 10:15 p.m. | 2 views

CVE-2025-34160

AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/startservice accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is...

CVSS 10 | EPSS 0.01953
Exploits 0 | References 5

OSV
added 2025/08/27 10:15 p.m. | 1 view

CVE-2024-13980

H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contain a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...

CVSS 10 | AI score 6.1 | EPSS 0.02906
Exploits 0 | References 6

NVD
added 2025/08/27 10:15 p.m. | 3 views

CVE-2024-13980

H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contain a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...

CVSS 10 | EPSS 0.02906
Exploits 0 | References 6

NVD
added 2025/08/27 10:15 p.m. | 4 views

CVE-2024-13985

A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capture_handle.action interface. The flaw stems from improper input validation in the captureCommand parameter, which is processed without...

CVSS 10 | EPSS 0.0026
Exploits 0 | References 8

NVD
added 2025/08/27 10:15 p.m. | 1 view

CVE-2018-25115

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from...

CVSS 10 | EPSS 0.01341
Exploits 1 | References 5

CVE
added 2025/08/27 9:25 p.m. | 14 views

CVE-2024-13980

CVE-2024-13980 affects H3C Intelligent Management Center (IMC) /byod/index.xhtml. The root cause is improper handling of JSF ViewState, allowing unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters and potentially achieve arbitrary command execution. Explo...

CVSS 10 | AI score 7.1 | EPSS 0.02906
Exploits 0 | References 6

Cvelist
added 2025/08/27 9:25 p.m. | 7 views

CVE-2024-13980 H3C Intelligent Management Center (iMC) /byod/index.xhtml RCE

H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contain a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...

CVSS 10 | EPSS 0.02906
Exploits 0 | References 6

Vulnrichment
added 2025/08/27 9:25 p.m. | 2 views

CVE-2024-13980 H3C Intelligent Management Center (iMC) /byod/index.xhtml RCE

H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contain a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...

CVSS 10 | AI score 7.1 | EPSS 0.02906
Exploits 0 | References 6

Cvelist
added 2025/08/27 9:24 p.m. | 6 views

CVE-2018-25115 D-Link DIR-110/412/600/615/645/815 RCE via service.cgi

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from...

CVSS 10 | EPSS 0.01341
Exploits 1 | References 5

ATTACKERKB
added 2025/08/27 9:24 p.m. | 2 views

CVE-2018-25115

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from...

CVSS 10 | AI score 6.2 | EPSS 0.01341
Exploits 1 | References 5 | Affected Software 1

CVE
added 2025/08/27 9:23 p.m. | 21 views

CVE-2024-13985

CVE-2024-13985 – Dahua EIMS: A command injection flaw affects Dahua EIMS versions prior to 2240008. The issue stems from improper input validation of the captureCommand parameter in the capture_handle.action API, allowing unauthenticated remote attackers to inject OS commands and potentially ful...

CVSS 10 | AI score 7.8 | EPSS 0.0026
In wild | Exploits 0 | References 8