
14193 matches found

Cvelist
added 2025/10/30 9:43 p.m. | 6 views

CVE-2024-14008 Nagios XI < 2024R1.3.2 RCE via WinRM Configuration Wizard

Nagios XI versions prior to 2024R1.3.2 contain a remote command execution vulnerability in the WinRM Configuration Wizard. Insufficient validation of user-supplied input allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations...

9.4 CVSS | 0.01351 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/30 9:43 p.m. | 2 views

CVE-2024-14008 Nagios XI < 2024R1.3.2 RCE via WinRM Configuration Wizard

Nagios XI versions prior to 2024R1.3.2 contain a remote command execution vulnerability in the WinRM Configuration Wizard. Insufficient validation of user-supplied input allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations...

9.4 CVSS | 6.8 AI score | 0.01351 EPSS
Exploits: 0 | References: 3

CVE
added 2025/10/30 9:30 p.m. | 7 views

CVE-2020-36856

Nagios XI

9.4 CVSS | 7.2 AI score | 0.00358 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2025/10/30 9:30 p.m. | 4 views

CVE-2020-36856 Nagios XI < 5.6.14 Authenticated RCE command_test.php via address

Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...

9.4 CVSS | 0.00358 EPSS
Exploits: 0 | References: 3

VulnCheck KEV
added 2025/10/30 12:00 a.m. | 4 views

VulnCheck KEV: CVE-2020-35714

Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program...

8.8 CVSS | 5.9 AI score | 0.04344 EPSS
In wild | Exploits: 1 | References: 67

Positive Technologies
added 2025/10/30 12:00 a.m. | 3 views

PT-2025-44506

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1.3.2. Description: Nagios XI is affected by a remote command execution issue in the WinRM Configuration Wizard. A lack of proper input validation allows an authenticated administrator to inject shell...

9.4 CVSS | 6.9 AI score | 0.01351 EPSS
Exploits: 0 | References: 6

Positive Technologies
added 2025/10/30 12:00 a.m. | 3 views

PT-2025-44502

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1.2. Description: The software contains a flaw due to insufficient validation of inbound NRDP (Nagios Remote Data Processor) request parameters. This allows crafted input to reach command execution paths, potential...

9.8 CVSS | 7.6 AI score | 0.01915 EPSS
Exploits: 0 | References: 5

CNNVD
added 2025/10/30 12:00 a.m. | 1 view

Nagios XI security vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2026R1, which stems from insufficient validatio...

9.4 CVSS | 7 AI score | 0.01351 EPSS
Exploits: 0 | References: 3

CNNVD
added 2025/10/30 12:00 a.m. | 2 views

Nagios XI security vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.6.14, which stems from insufficient validatio...

9.4 CVSS | 7 AI score | 0.00358 EPSS
Exploits: 0 | References: 3

Packet Storm
added 2025/10/30 12:00 a.m. | 127 views

LEPTON 7.4.0 Remote Code Execution

LEPTON CMS version 7.4.0 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary system commands through the Droplets functionality. This vulnerability arises from improper input validation and execution control within the Droplets feature...

8.6 AI score
Exploits: 0

CNNVD
added 2025/10/30 12:00 a.m. | 1 view

Nagios XI security vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2024R1.3.2, which stems from insufficient...

9.4 CVSS | 7 AI score | 0.01351 EPSS
Exploits: 0 | References: 3

CNNVD
added 2025/10/29 12:00 a.m. | 2 views

D-Link DNS-343 ShareCenter security vulnerability

The D-Link DNS-343 ShareCenter is a network storage device from China's AUO D-Link. The D-Link DNS-343 ShareCenter suffers from a command execution vulnerability that stems from insufficient input validation in the Mail Test feature, which can be exploited by an attacker to execute arbitrary...

9.8 CVSS | 6.2 AI score | 0.00908 EPSS
Exploits: 1 | References: 6

CNNVD
added 2025/10/28 12:00 a.m. | 2 views

Planex MZK-DP300N trust management issue vulnerability

The Planex MZK-DP300N is a hotel/travel router from Planex Japan. A trust management issue vulnerability exists in Planex MZK-DP300N version 1.07 and earlier, which stems from the use of hard-coded credentials and could allow an attacker to log in via Telnet and execute arbitrary commands ...

8.8 CVSS | 8.7 AI score | 0.00018 EPSS
Exploits: 0 | References: 3

CNNVD
added 2025/10/24 12:00 a.m. | 3 views

OpenVPN security vulnerability

OpenVPN is a software package for creating encrypted tunnels for Virtual Private Networks (VPNs) from the US company OpenVPN, which uses the OpenSSL library to encrypt data and control information, and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...

8.8 CVSS | 9.4 AI score | 0.00212 EPSS
Exploits: 0 | References: 2

OSV
added 2025/10/23 8:15 p.m. | 1 view

CVE-2025-54964

An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrary executables. If the Job Service is configured for local-only access, this may allow for privilege escalation in certain situations. If the Job Service is...

8.4 CVSS | 5.9 AI score | 0.00246 EPSS
Exploits: 0 | References: 2

CVE
added 2025/10/23 7:49 p.m. | 18 views

CVE-2025-58428

CVE-2025-58428 affects Veeder-Root TLS4B ATG system. The vulnerability stems from the SOAP-based interface being accessible through the web services handler, which enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. Reported impact incl...

9.9 CVSS | 7.2 AI score | 0.01379 EPSS
Exploits: 0 | References: 4

OSV
added 2025/10/23 4:15 p.m. | 3 views

CVE-2025-62713 Kottster app reinitialization can be re-triggered allowing command injection in development mode

Kottster is a self-hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only; production deployments were never affected. This issue has been...

9.2 CVSS | 8.1 AI score | 0.00906 EPSS
Exploits: 0 | References: 4

Snyk
added 2025/10/23 4:01 p.m. | 1 view

Access Control Bypass

Overview: @kottster/common provides common types and utilities for Kottster. Affected versions of this package are vulnerable to Access Control Bypass via the initApp and installPackagesForDataSource actions. An attacker can gain unauthorized administrative access and execute arbitrary system commands ...

9.2 CVSS | 7.6 AI score | 0.00906 EPSS
Exploits: 0 | References: 2

GithubExploit
added 2025/10/23 3:30 p.m. | 126 views

Exploit for OS Command Injection in Tenda Ac15_Firmware

Tenda-Router-VR-and-Exploit...

10 CVSS | 7.6 AI score | 0.93677 EPSS
Exploits: 2

CVE
added 2025/10/23 12:00 a.m. | 9 views

CVE-2025-54964

CVE-2025-54964 affects BAE Systems SOCET GXP prior to 4.6.0.2. The issue arises when a user can interact with the GXP Job Service, enabling injection of arbitrary executables. If the Job Service is configured for local-only access, this may allow privilege escalation; if it is network-accessible,...

8.4 CVSS | 7.3 AI score | 0.00246 EPSS
Exploits: 0 | References: 2 | Affected Software: 1