ScriptCase Remote Command Execution
ScriptCase versions 1.0.003-build-2 Production Environment and 9.12.006 23 ScriptCase are affected by a pre-authenticated remote command execution vulnerability. This is achieved by chaining two vulnerabilities: the first is the ability to reset the administrator password of the prod console unde...
A vulnerability in the formBSSetSitesurvey() function (/goform/formBSSetSitesurvey) of the Belkin F9K1122 Wi-Fi range extender software allows an intruder to execute arbitrary commands.
A vulnerability in the formBSSetSitesurvey function (/goform/formBSSetSitesurvey) of the Belkin F9K1122 Wi-Fi range extender software is caused by a failure to sanitize data at the control level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary...
A vulnerability in the mp() function (/goform/mp) of the Belkin F9K1122 Wi-Fi range extender firmware allows an intruder to execute arbitrary commands.
A vulnerability in the mp function (/goform/mp) of the Belkin F9K1122 Wi-Fi range extender firmware is caused by a failure to secure data at the control level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...
Splunk Enterprise 9.1.0 < 9.1.10, 9.2.0 < 9.2.7, 9.3.0 < 9.3.5, 9.4.0 < 9.4.3 (SVD-2025-0702)
The version of Splunk installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-0702 advisory. - In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege...
PT-2025-28230 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.4.3; Splunk Enterprise versions prior to 9.3.5; Splunk Enterprise versions prior to 9.2.7; Splunk Enterprise versions prior to 9.1.10. Description: A user with a role containing the high-privilege capabilitie...
A vulnerability in the formSetWanStatic() function (/goform/formSetWanStatic) of the Belkin F9K1122 wireless range extender software allows an intruder to execute arbitrary commands.
A vulnerability in the formSetWanStatic function (/goform/formSetWanStatic) of the Belkin F9K1122 Wi-Fi range extender software is caused by a failure to sanitize data at the control level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...
Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server
CVE-2025-47812 - Wing FTP Server RCE Exploit This repository...
CVE-2025-34087
CVE-2025-34087: An authenticated command-injection in Pi-hole’s web interface (legacy AdminLTE) exists up to version 3.3, where unsanitized domain input added to the allowlist can be exploited to execute OS commands as the Pi-hole service user. The issue is tied to the legacy AdminLTE interface a...
CVE-2025-34087 Pi-Hole AdminLTE Whitelist (now 'Web Allowlist') Remote Command Execution
An authenticated command injection vulnerability exists in Pi-hole versions up to 3.3. When adding a domain to the allowlist via the web interface, the domain parameter is not properly sanitized, allowing an attacker to append OS commands to the domain string. These commands are executed on the...
CVE-2025-34073 stamparm/maltrail <=0.54 Remote Command Execution
An unauthenticated command injection vulnerability exists in stamparm/maltrail Maltrail versions <=0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. This occurs due to unsafe handling of user-supplied input...
CVE-2025-34073
Maltrail
CVE-2025-34067 Hikvision Integrated Security Management Platform Remote Command Execution via applyCT Fastjson
An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an...
CVE-2025-34067
CVE-2025-34067 affects Hikvision Integrated Security Management Platform (applyCT component). The flaw is deserialization of untrusted input in /bic/ssoService/v1/applyCT via vulnerable Fastjson auto-type, enabling remote code execution by loading a malicious Java class referenced through an LDAP...
A vulnerability in the server of the Node-RED visual programming tool on the Pilz IndustrialPI operating system allows an attacker to execute arbitrary commands.
A vulnerability in the Node-RED visual programming tool on the Pilz IndustrialPI industrial computer server is caused by the absence of default authentication settings. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the OCAS Assistant dialog system, caused by a failure to sanitize data at the management level, allows an attacker to execute arbitrary commands.
A vulnerability in the OCAS Assistant dialog system is caused by a failure to sanitize data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
A vulnerability in the formWlSiteSurvey() function in the /boafrm/formWlSiteSurvey file of the TOTOLINK A3002R router’s firmware allows an intruder to execute arbitrary commands.
A vulnerability in the formWlSiteSurvey function in the /boafrm/formWlSiteSurvey file of the TOTOLINK A3002R router’s firmware is caused by a failure to sanitize input data when processing the wlanif parameter. Exploiting this vulnerability allows a remote...
A vulnerability in the index.php script used by the sar2html system statistics visualization tool allows an attacker to execute arbitrary commands.
A vulnerability in the index.php script used by the sar2html system statistics visualization tool is caused by insufficient validation of input data when processing the plot parameter. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...
AZL-64461 CVE-2025-32462 affecting package sudo for versions less than 1.9.17-1
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines...
CVE-2025-26074
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...