CVE-2024-13089
CVE-2024-13089 describes an OS command injection vulnerability in the update functionality of Nozomi Networks Guardian and CMC. The issue allows an authenticated administrator (high-privilege user) to upload update packages, and despite signatures being validated, an improper signature validation...
CVE-2025-1041 Avaya Call Management System RCE vulnerability
An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0...
CVE-2025-46612
The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must log in to the administrator console; default credentials are weak and easily guessable...
PT-2025-24659 · Unknown · Airleader Easy +1
Name of the Vulnerable Software and Affected Versions: Airleader Master and Easy versions prior to 6.36 Description: The issue allows remote attackers to execute arbitrary commands via an unrestricted file upload in the Panel Designer dashboard. This can be exploited by logging into the...
Avaya Call Management System security vulnerability
Avaya Call Management System is an integrated analytics and reporting solution from Avaya, Inc. that keeps you informed about virtually everything. A security vulnerability exists in Avaya Call Management System version 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0, which stems from...
CVE-2025-46612
The CVE-2025-46612 issue affects Airleader Master and Airleader Easy before version 6.36. The Panel Designer dashboard permits unrestricted file uploads via wizard/workspace.jsp, enabling remote command execution when an attacker logs into the administrator console (default credentials are weak) ...
CVE-2025-49004 Hijacking Caido instance during the initial setup via DNS Rebinding to achieve RCE
Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain. This allows a malicious website to hijack the authentication flow of Caido and achieve code execution. A malicious website load...
CVE-2025-49004
CVE-2025-49004 affects Caido prior to version 0.48.0. The issue arises from missing DNS rebinding protection, allowing a malicious site to load Caido on an attacker-controlled domain and hijack the authentication flow, potentially enabling remote command execution during the initial setup (and ev...
A vulnerability in the built-in web server boa (/boafrm/formDMZ) of the TOTOLINK X15 router firmware allows a perpetrator to execute arbitrary commands or cause service failure.
The vulnerability in the built-in web server boa (/boafrm/formDMZ) of the TOTOLINK X15 router firmware is related to an operation exceeding the bounds of a memory buffer when processing the submit-url parameter. Exploiting this vulnerability allows a remote attacker to execute...
A vulnerability in the built-in web server boa (/boafrm/formPortFw) of the TOTOLINK X15 router firmware allows a perpetrator to execute arbitrary commands or cause service interruptions.
The vulnerability in the built-in web server boa (/boafrm/formPortFw) of the TOTOLINK X15 router firmware is related to an operation exceeding the bounds of a memory buffer when processing the servicetype parameter. Exploiting this vulnerability allows a remote attacker to execute...
caido security vulnerability
caido is an open source application from Caido. Designed to help security professionals and enthusiasts audit web applications efficiently and easily. A security vulnerability exists in versions prior to caido 0.48.0 that stems from a lack of DNS rebinding protection and could lead to remote...
A vulnerability in the built-in web server boa (/boafrm/formIpQoS) of the TOTOLINK X15 router firmware allows an intruder to execute arbitrary commands or cause a service failure.
The vulnerability in the built-in web server boa (/boafrm/formIpQoS) of the TOTOLINK X15 router software is related to an operation exceeding the bounds of a memory buffer when processing the mac parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands or cau...
A vulnerability in the RP_UpgradeFWByBBS() function in the firmware for Linksys wireless signal amplifiers allows an intruder to execute arbitrary commands.
The vulnerability in the RP_UpgradeFWByBBS function in the Linksys wireless signal amplifiers’ software relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands by sending a specially crafted...
CVE-2025-48780
A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object...
CVE-2025-48782
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file...
Exploit for Code Injection in Squirrelly
CVE-2024-40453 - Squirrelly v9.0.0 RCE Disclaimer: This sc...
CVE-2025-22481
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...