CVE-2025-54068
Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...
CVE-2025-54068 Livewire vulnerable to remote command execution during property update hydration
Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...
CVE-2023-47356
Mingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution (RCE) vulnerability via the logtype parameter at /log/fwsecurity.mds...
CVE-2025-53928
MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue...
CVE-2025-34068
An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are...
CVE-2025-34116
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server...
CVE-2025-53928 MaxKB has RCE in MCP call
MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue...
CVE-2025-53928
MaxKB has a Remote Command Execution vulnerability in the MCP call present in versions prior to 1.10.9-lts and 2.0.0. The issue is fixed in 1.10.9-lts and 2.0.0. No exploitation details are provided beyond this, and remediation is to upgrade to the fixed versions.
CVE-2023-47356
CVE-2023-47356 affects Mingyu Security Gateway prior to v3.0-5.3p. A remote command execution (RCE) exists via the log_type parameter handled at /log/fw_security.mds, arising from improper input handling. Exploitation could allow an unauthenticated attacker (network vector) with low privileges to...
PT-2025-29925 · Mingyu · Mingyu Security Gateway
Name of the Vulnerable Software and Affected Versions: Mingyu Security Gateway versions prior to 3.0-5.3p. Description: The Mingyu Security Gateway is susceptible to a remote command execution (RCE) issue. This occurs due to a flaw in the handling of the log type parameter within the /log/fw...
PT-2025-29912
Name of the Vulnerable Software and Affected Versions: MaxKB versions prior to 1.10.9-lts; MaxKB versions prior to 2.0.0. Description: A Remote Command Execution issue exists in the MCP call. Recommendations: Update to version 1.10.9-lts or later. Update to version 2.0.0 or later...
Anheng Mingyu Security Gateway security vulnerability
Anheng Mingyu Security Gateway is a security gateway from the Chinese company Anheng. A security vulnerability exists in Anheng Mingyu Security Gateway versions prior to v3.0-5.3p, which originates from a remote command execution vulnerability in the logtype parameter in /log/fwsecurity.mds...
MaxKB code injection vulnerability
MaxKB is an open source knowledge base question-and-answer system from 1Panel-dev, based on large language models and RAG. A code injection vulnerability exists in MaxKB 1.10.9-lts and versions prior to 2.0.0, which stems from a remote command execution vulnerability in MCP calls...
PT-2025-29947
Name of the Vulnerable Software and Affected Versions: Livewire versions 3.0.0 through 3.6.3. Description: An issue in the Livewire full-stack framework for Laravel allows unauthenticated attackers to achieve remote command execution in specific scenarios. The problem arises from unsafe object...
CVE-2025-34125 D-Link DSP-W110A1 Cookie Command Injection
An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the...
CVE-2025-34300
Sawtooth Software Lighthouse Studio