15257 matches found

Positive Technologies
added 2025/07/31 12:0 a.m. · 3 views

PT-2025-31544 · Undefined · Undefined

An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell...

CVSS 10 · AI score 7.3 · EPSS 0.53143
Exploits 0 · References 4

CNNVD
added 2025/07/31 12:0 a.m. · 1 view

GestioIP Security Vulnerability

GestioIP is a web-based IPv4/IPv6 address management software from GestioIP. A security vulnerability exists in GestioIP 3.0 commit ac67be and prior versions, which stems from an unvalidated ip parameter that could lead to remote command execution...

CVSS 8.7 · AI score 6.9 · EPSS 0.73334
Exploits 0 · References 4

CNNVD
added 2025/07/31 12:0 a.m. · 0 views

Pandora FMS Security Vulnerability

Pandora FMS is a monitoring system from Pandora FMS, USA. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Pandora FMS 5.0RC1 and earlier versions, which stems from the anyterm-module endpoint not cleaning up us...

CVSS 10 · AI score 6.8 · EPSS 0.53143
Exploits 0 · References 3

ATTACKERKB
added 2025/07/30 2:20 p.m. · 1 view

CVE-2025-46811

A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager to run any command as root on any client. This issue affects Container suse/manager/5.0/x8664/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image...

CVSS 9.8 · AI score 5.8 · EPSS 0.06073
Exploits 1 · References 2

NVD
added 2025/07/29 6:15 p.m. · 4 views

CVE-2025-52284

Totolink X6000R V9.4.0cu.1360B20241207 was found to contain a command injection vulnerability in the sub4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request...

CVSS 6.5 · EPSS 0.35108
Exploits 1 · References 2

OSV
added 2025/07/29 2:36 p.m. · 1 view

CLSA-2025-1753799801 Fix CVE(s): CVE-2025-32462

SECURITY UPDATE: unauthorized command execution on remote hosts - debian/patches/CVE-2025-32462.patch: restrict user from setting remote host for command unless listing privileges - CVE-2025-32462...

CVSS 8.8 · AI score 7 · EPSS 0.30014
Exploits 12 · References 1

GithubExploit
added 2025/07/29 10:51 a.m. · 498 views

Exploit for CVE-2025-47227

🔓 CVE-2025-47227 — Critical Admin Password Reset Bypass in Scr...

CVSS 7.5 · AI score 10 · EPSS 0.0996
Exploits 5

OSV
added 2025/07/28 7:57 p.m. · 1 view

GO-2025-3776 Gogs allows deletion of internal files which leads to remote command execution in gogs.io/gogs

Gogs allows deletion of internal files which leads to remote command execution in gogs.io/gogs...

CVSS 10 · AI score 6.5 · EPSS 0.02578
Exploits 0 · References 5

BDU FSTEC
added 2025/07/28 12:0 a.m. · 2 views

The vulnerability of the vif_disable function in the Netgear RAX5 router’s built-in software allows a hacker to execute arbitrary commands.

The vulnerability of the vif_disable function in the Netgear RAX5 router’s built-in software is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 6.5 · AI score 5.9 · EPSS 0.02902
Exploits 1 · References 2 · Affected Software 1

BDU FSTEC
added 2025/07/28 12:0 a.m. · 2 views

The vulnerability of the apcli_do_enr_pbc_wps function in the Netgear RAX5 router’s built-in software allows a hacker to execute arbitrary commands.

The vulnerability of the apcli_do_enr_pbc_wps function in the Netgear RAX5 router’s built-in software is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 6.5 · AI score 5.9 · EPSS 0.02902
Exploits 1 · References 2 · Affected Software 1

Gitee
added 2025/07/27 4:5 a.m. · 85 views

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

CNVD-C-2019-48814 WebLogic wls9-async deserialization remote command execution vulnerability, echo PoC for weblogic. Patch update: https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html Vulnerability reproduction: http://10.10.20.166:7001/async/AsyncResponseService curl -i http://10.10.20.166:7001/async/favicon.ico CNVD-C-2019-48814...

CVSS 9.8 · AI score 7.9 · EPSS 0.94468
Exploits 74

GithubExploit
added 2025/07/26 2:51 p.m. · 544 views

Exploit for Unprotected Alternate Channel in Crushftp

💥 CVE-2025-54309 - CrushFTP Unauthenticated Remote Command Exe...

CVSS 9.8 · AI score 8.9 · EPSS 0.768
Exploits 7

BDU FSTEC
added 2025/07/24 12:0 a.m. · 3 views

The vulnerability of the cckeckKeepAlive() function in the microprogramming software of the TOTOLink T6 system allows a hacker to execute arbitrary commands.

The vulnerability of the cckeckKeepAlive function in the TOTOLink T6 mesh-system’s software lies in the lack of measures taken to neutralize special elements during the processing of the ipAddr parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 6.5 · AI score 6.9 · EPSS 0.07606
Exploits 1 · References 4 · Affected Software 1

BDU FSTEC
added 2025/07/24 12:0 a.m. · 2 views

The vulnerability of the ssdpcgi_main() function (/htdocs/cgibin) in the ssdpcgi component of D-Link DIR-645 router microprogramming software, allowing a hacker to execute arbitrary commands

The vulnerability of the ssdpcgi_main function (/htdocs/cgibin) of the ssdpcgi component in the D-Link DIR-645 router microprogramming system is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...

CVSS 6.5 · AI score 6.9 · EPSS 0.02067
Exploits 1 · References 4 · Affected Software 1

Tenable Nessus
added 2025/07/24 12:0 a.m. · 4 views

Siemens SCALANCE LPE9403 Improper Neutralization of Special Elements Used in an OS Command (CVE-2025-40582)

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions with SINEMA Remote Connect Edge Client installed. Affected devices do not properly sanitize configuration parameters. This could allow a non-privileged local attacker to execute root commands on the device. Th...

CVSS 8.5 · AI score 5.9 · EPSS 0.00386
Exploits 0 · References 3

RedhatCVE
added 2025/07/23 10:1 a.m. · 6 views

CVE-2025-41674

A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command...

CVSS 7.2 · AI score 7.2 · EPSS 0.00669
Exploits 1 · References 1

Positive Technologies
added 2025/07/23 12:0 a.m. · 2 views

PT-2025-30551 · Iotgen · Iotgen

Name of the Vulnerable Software and Affected Versions: Apache IoT affected versions not specified Description: An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitizing of user input in the Main Web Interface. The vulnerabl...

CVSS 8.8 · AI score 7 · EPSS 0.00906
Exploits 0 · References 7

CNVD
added 2025/07/23 12:0 a.m. · 3 views

Netgear D6400 Remote Command Execution Vulnerability

The Netgear D6400 is a wireless modem from NETGEAR. A remote command execution vulnerability exists in the Netgear D6400, which can be exploited by an attacker to execute arbitrary commands on the system...

CVSS 8.8 · AI score 7.9 · EPSS 0.06411
Exploits 1 · References 1

BDU FSTEC
added 2025/07/23 12:0 a.m. · 3 views

The vulnerability of the System Time module in the D-LINK DIR-818LW router’s software management web interface allows a hacker to execute arbitrary commands.

The vulnerability of the System Time module in the D-LINK DIR-818LW router’s software management web interface is related to the lack of measures taken to neutralize special elements during the processing of the NTP Server parameter. Exploiting this vulnerability allows a remote attacker to execu...

CVSS 6.5 · AI score 5.9 · EPSS 0.00995
Exploits 0 · References 5 · Affected Software 1

BDU FSTEC
added 2025/07/23 12:0 a.m. · 2 views

The vulnerability of the sub_4197C0() function in TOTOLINK A3300R router microprogramming software allows an intruder to execute arbitrary commands.

The vulnerability of the sub_4197C0 function in TOTOLINK A3300R router microprogramming systems is related to the lack of measures taken to neutralize special elements during the processing of mac and desc parameters. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVSS 10 · AI score 5.9 · EPSS 0.62318
Exploits 1 · References 3 · Affected Software 1