Gogs 安全漏洞

Gogs Go Git Service is a self-service Git hosting service based on the Go language by the Gogs team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs versions prior to 0.13.3, which...

PT-2025-26663

Name of the Vulnerable Software and Affected Versions: TVT DVR Cross Web Server affected versions not specified Description: An OS command injection issue exists in the custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in...

CVE-2025-44635

There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers before...

CVE-2025-34029

An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell...

CVE-2025-34030

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to t...

The vulnerability of the formSetIptv() function in the microprogramming software for Tenda AC18 allows a hacker to execute any command they desire.

The vulnerability of the formSetIptv function /goform/SetIPTVCfg in the Tenda AC18 router’s microprogramming software is related to the lack of measures for cleaning input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...

The vulnerability of the Tenda AX12 Wi-Fi router’s microprogramming software lies in the lack of measures to neutralize the special elements used in the operating system’s command set. This allows a hacker to execute arbitrary commands.

The vulnerability of the microprogrammed Wi-Fi router Tenda AX12 relates to the lack of measures taken to neutralize special elements used in the operating system’s command processing when handling the list parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

The vulnerability of the ping_test() function in the adm.cgi script of the Wavlink WL-WN530H4 router software allows a hacker to execute arbitrary commands.

The vulnerability of the pingtest function in the adm.cgi script of the Wavlink WL-WN530H4 router software is related to the lack of data cleaning at the control level when processing the pingIp parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVE-2025-34030

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to t...

CVE-2025-25038

An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to...

CVE-2025-44635

There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers before...

The vulnerability of the “Mass Processing of Infobox Elements (Products)” plugin, which arises from failing to take measures to neutralize special elements, allows a violator to execute arbitrary commands.

The vulnerability of the “Massive Processing of Infoblock Elements Products” plugin is related to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

PT-2025-26438 · H3C · Er6300G2 +14

Name of the Vulnerable Software and Affected Versions: H3C ER2200G2 series routers versions prior to ERG2AW-MNW100-R1117 H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers versions prior to ERHMG2-MNW100-R1126 H3C GR3200, GR5200, GR8300 series...

CVE-2025-44635

CVE-2025-44635 affects H3C ER2200G2, ERG2-450W/1200W/1350W/NR1200W and multiple ER/GR series routers (various models) prior to the fixed builds (e.g., ERG2AW-MNW100-R1117, ERHMG2-MNW100-R1126, MiniGR1B0V100R018L50, MiniGRW1B0V100R009L50, SWBRW1A0V100R007L50, SWBRW1B0V100R009L50). The issue enable...

The vulnerability of the “Multi-Functional Export/Import in Excel” plugin, which arises from the failure to take measures to neutralize special elements, allows a perpetrator to execute arbitrary commands.

The vulnerability of the “Multi-Functional Export/Import in Excel” plugin is related to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

The vulnerability of the “Import from Excel. Upload product catalog 1C-Bitrix” plugin, which stems from the failure to take measures to neutralize special elements, allows attackers to execute arbitrary commands.

The vulnerability of the plugin “Import from Excel. Uploading product catalogs for 1C-Bitrix” is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

H3C多款产品 安全漏洞

H3C ER2200G2 and others are products of China's Xinhua San H3C.H3C ER2200G2 is an enterprise router.H3C ERG2-450W is a wireless router.H3C ERG2-1200W is a wireless router. A security vulnerability exists in various H3C products that stems from authentication bypass and could lead to remote comman...

CVE-2025-44635

There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers before...

CVE-2025-44635

There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers before...

Security Bulletin: There is a vulnerablity in the torch library affecting IBM watsonx Code Assistant On Prem

Summary There is a vulnerablity in the torch library affecting IBM watsonx Code Assistant On Prem. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2025-32434 DESCRIPTION: PyTorch is a Python package that provides tensor computation with...