15257 matches found

GithubExploit
added 2025/07/22 10:51 a.m., 234 views

Exploit for Deserialization of Untrusted Data in Microsoft

ToolShell → CVE‑2025‑53770 Exploit PoC This package allows: 1...

CVSS 9.8, AI score 8.9, EPSS 0.88182
Exploits 41

NVD
added 2025/07/21 3:15 p.m., 2 views

CVE-2025-46122

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint /admin/cmdstat.jsp passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC...

CVSS 9.1, EPSS 0.01387
Exploits 1, References 2

OSV
added 2025/07/21 10:15 a.m., 1 view

CVE-2025-41673

A high privileged remote attacker can execute arbitrary system commands via POST requests in the sendsms action due to improper neutralization of special elements used in an OS command...

CVSS 7.2, AI score 6.1, EPSS 0.00669
Exploits 1, References 2

CNVD
added 2025/07/21 12:0 a.m., 2 views

GPT-SoVITS-WebUI code issue vulnerability (CNVD-2025-23578)

GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI that stems from insecure deserialization of referencewebui.py when receiving serialized data submitted by a user, which can be exploited by an attacker to execute arbitrary commands on the system...

CVSS 9.8, AI score 7.8, EPSS 0.00656
Exploits 1, References 1

BDU FSTEC
added 2025/07/21 12:0 a.m., 5 views

The vulnerability of the fromTraceroutGet() function (/goform/getTraceroute) in the Tenda O3 wireless access point software allows an intruder to execute arbitrary commands.

The vulnerability of the fromNetToolGet function in the file /goform/setPingInfo function of the Tenda O3 wireless access point software is related to the lack of measures to sanitize input data during the processing of the domain parameter. Exploiting this vulnerability allows a remote attacker ...

CVSS 6.5, AI score 7, EPSS 0.05738
Exploits 1, References 6

CNVD
added 2025/07/21 12:0 a.m., 8 views

GPT-SoVITS-WebUI code issue vulnerability (CNVD-2025-23576)

GPT-SoVITS-WebUI is a TTS training model. A code issue vulnerability exists in GPT-SoVITS-WebUI, which stems from insecure deserialization of bsroformer.py when receiving serialized data submitted by a user, and can be exploited by an attacker to execute arbitrary commands on the system...

CVSS 9.8, AI score 7.8, EPSS 0.0072
Exploits 1, References 1

Cvelist
added 2025/07/21 12:0 a.m., 9 views

CVE-2025-46122

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint /admin/cmdstat.jsp passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC...

EPSS 0.01387
Exploits 1, References 2

BDU FSTEC
added 2025/07/21 12:0 a.m., 3 views

The vulnerability of the fromTraceroutGet() function (/goform/getTraceroute) in the Tenda O3 wireless access point software allows an intruder to execute arbitrary commands.

The vulnerability of the fromTraceroutGet function /goform/getTraceroute in the Tenda O3 wireless access point software exists because measures are not taken to neutralize special elements when processing the dest parameter. Exploiting this vulnerability allows a remote attacker to execute...

CVSS 6.5, AI score 7, EPSS 0.0531
Exploits 1, References 4

CNNVD
added 2025/07/21 12:0 a.m., 3 views

Nokia WaveSuite NOC security vulnerability

Nokia WaveSuite NOC is a unified operations and maintenance platform for optical networks from Nokia Finland. A security vulnerability exists in Nokia WaveSuite NOC that stems from a command that allows unfiltered user input to be passed to the underlying operating system for execution, potential...

CVSS 9, AI score 7.1, EPSS 0.00145
Exploits 0, References 1

OSSF Malicious Packages
added 2025/07/19 10:0 p.m., 3 views

Malicious code in lazmat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 292e8512aa9e77a20a04a58cee3529ea31b9451e5c9067bbad7be57b5eb8c7fb Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...

AI score 7.6
Exploits 0, References 1

OSV
added 2025/07/19 9:59 p.m., 1 view

MAL-2025-191759 Malicious code in hkmat (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3c3063747c35c5ae091331ac2c35dbef66c945aca73b06ee32ef1f0ec088009 Importing the module starts a telegram bot that connects to a chat and executes provided commands --- Category: MALICIOUS - The campaign has clearly malicious...

AI score 7.5
Exploits 0, References 1

RedhatCVE
added 2025/07/19 6:58 p.m., 10 views

CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

CVSS 9.8, AI score 6.9, EPSS 0.58885
Exploits 5, References 1

RedhatCVE
added 2025/07/19 2:2 p.m., 4 views

CVE-2025-53928

MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue...

CVSS 9.8, AI score 6.7, EPSS 0.02082
Exploits 1, References 1

RedhatCVE
added 2025/07/19 12:1 a.m., 4 views

CVE-2023-47356

Mingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution (RCE) vulnerability via the logtype parameter at /log/fwsecurity.mds...

CVSS 8.8, AI score 8, EPSS 0.01861
Exploits 0, References 1

Github Security Blog
added 2025/07/17 8:26 p.m., 11 views

Livewire is vulnerable to remote command execution during component property update hydration

Impact In Livewire v3 ≤ 3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions...

CVSS 9.8, AI score 6.8, EPSS 0.58885
Exploits 5, References 7, Affected Software 1

OSV
added 2025/07/17 8:26 p.m., 6 views

GHSA-29CQ-5W36-X7W3 Livewire is vulnerable to remote command execution during component property update hydration

Impact In Livewire v3 ≤ 3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions...

CVSS 9.8, AI score 7.6, EPSS 0.58885
Exploits 5, References 7

NVD
added 2025/07/17 7:15 p.m., 9 views

CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

CVSS 9.8, EPSS 0.58885
Exploits 5, References 5

Vulnrichment
added 2025/07/17 6:16 p.m., 7 views

CVE-2025-54068 Livewire vulnerable to remote command execution during property update hydration

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

CVSS 9.2, AI score 7, EPSS 0.58885
Exploits 5, References 3

OSV
added 2025/07/17 6:16 p.m., 9 views

CVE-2025-54068 Livewire vulnerable to remote command execution during property update hydration

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...

CVSS 9.2, AI score 7.3, EPSS 0.58885
Exploits 5, References 7

CVE
added 2025/07/17 6:16 p.m., 74 views

CVE-2025-54068

Summary (validated by connected docs): CVE-2025-54068 affects Laravel Livewire v3 up to 3.6.3, where the component hydration/update mechanism can allow unauthenticated remote command execution under specific mounting/config conditions. Public advisories and templates confirm an in-the-wild risk a...

CVSS 9.8, AI score 7.2, EPSS 0.58885
In wild, Exploits 5, References 5, Affected Software 1