Lucene search

3872 matches found

Cvelist
added 2025/08/09 12:2 p.m. · 14 views

CVE-2025-8752 wangzhixuan spring-shiro-training add command injection

A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The...

CVSS 7.5 · EPSS 0.04804
Exploits: 1 · References: 4
Vulnrichment
added 2025/08/09 12:2 p.m. · 5 views

CVE-2025-8752 wangzhixuan spring-shiro-training add command injection

A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The...

CVSS 7.5 · AI score 7.9 · EPSS 0.04804
Exploits: 1 · References: 4
GithubExploit
added 2025/08/07 3:48 a.m. · 106 views

Exploit for CVE-2025-7769

CVE-2025-7769 – Remote Command Injection in mobileapi Des...

CVSS 8.7 · AI score 10 · EPSS 0.16238
Exploits: 2
Packet Storm News
added 2025/08/07 12:0 a.m. · 2 views

Tigo Energy CCA Command Injection

This repository contains a proof of concept exploit for CVE-2025-7769, a critical remote command injection vulnerability found in Tigo Energy CCA appliances exposing the /cgi-bin/mobileapi endpoint...

CVSS 8.7 · AI score 7.7 · EPSS 0.16238
Exploits: 2
CNNVD
added 2025/08/07 12:0 a.m. · 3 views

Itemir M300 Wi-Fi Repeater Security Vulnerability

The Itemir M300 Wi-Fi Repeater is a wireless repeater from Itemir China. A security vulnerability exists in the Itemir M300 Wi-Fi Repeater that stems from the time parameter not being cleaned, which could lead to an unauthenticated remote command injection attack...

CVSS 9.4 · AI score 7.2 · EPSS 0.61676
Exploits: 5 · References: 3
Positive Technologies
added 2025/08/07 12:0 a.m. · 5 views

PT-2025-32308 · Unknown · Agentuniverse

Name of the Vulnerable Software and Affected Versions: agentUniverse versions up to 0.0.18 Description: A critical issue exists in agentUniverse that allows for remote OS command injection. The issue affects the StdioServerParameters function within the MCPSessionManager/MCPTool/MCPToolkit...

CVSS 6.5 · AI score 6.9 · EPSS 0.02188
Exploits: 0 · References: 10
CNNVD
added 2025/08/07 12:0 a.m. · 4 views

Itemir M300 Wi-Fi Repeater Security Vulnerability

The Itemir M300 Wi-Fi Repeater is a wireless repeater from China-based Itemir. A security vulnerability exists in the Itemir M300 Wi-Fi Repeater that stems from an uncleared ssid parameter, which could lead to an unauthenticated remote command injection attack...

CVSS 9.4 · AI score 7.4 · EPSS 0.0132
Exploits: 0 · References: 3
CNNVD
added 2025/08/07 12:0 a.m. · 3 views

Itemir M300 Wi-Fi Repeater Security Vulnerability

The Itemir M300 Wi-Fi Repeater is a wireless repeater from China-based Itemir. A security vulnerability exists in the Itemir M300 Wi-Fi Repeater that stems from an uncleared passwd parameter, which could lead to an unauthenticated remote command injection attack...

CVSS 9.4 · AI score 7.4 · EPSS 0.03826
Exploits: 0 · References: 3
OSV
added 2025/08/06 2:15 a.m. · 6 views

CVE-2025-8652

Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific...

CVSS 6.8 · AI score 6.3 · EPSS 0.00685
Exploits: 0 · References: 1
OpenVAS
added 2025/08/06 12:0 a.m. · 3 views

Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2025-1739)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.8 · AI score 8.9 · EPSS 0.02679
Exploits: 0 · References: 2
CVE
added 2025/08/05 8:1 p.m. · 30 views

CVE-2013-10069

The CVE-2013-10069 entry describes an unauthenticated OS command injection in the web interface (command.php) of multiple D-Link routers, specifically DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13). The flaw arises from improper handling of the cmd POST parameter, enabling a remote attacker t...

CVSS 10 · AI score 7.5 · EPSS 0.11859
Exploits: 1 · References: 4 · Affected Software: 1
SUSE CVE
added 2025/08/04 11:25 p.m. · 2 views

SUSE CVE-2025-5030

A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os command injection. The attack can be initiated...

CVSS 8.1 · AI score 4.8 · EPSS 0.02576
Exploits: 1 · References: 2
ATTACKERKB
added 2025/08/01 8:47 p.m. · 2 views

CVE-2013-10049

An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone paramet...

CVSS 9.3 · AI score 6.2 · EPSS 0.02018
Exploits: 0 · References: 4
CVE
added 2025/08/01 8:44 p.m. · 15 views

CVE-2013-10058

The CVE-2013-10058 entry describes an authenticated OS command-injection affecting Linksys routers (tested on WRT160Nv2) running firmware v2.0.03 via the /apply.cgi endpoint. The web UI fails to sanitize input to the ping_size parameter during diagnostics, allowing an authenticated attacker to in...

CVSS 8.6 · AI score 8.3 · EPSS 0.03103
Exploits: 0 · References: 5
Positive Technologies
added 2025/08/01 12:0 a.m. · 12 views

PT-2025-32515 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders due to a flaw in the um inspect cross band function within the /goform/RP setBasicAuto file...

CVSS 6.5 · AI score 6.5 · EPSS 0.08257
Exploits: 1 · References: 11
Positive Technologies
added 2025/08/01 12:0 a.m. · 7 views

PT-2025-32495 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders that allows for remote OS command injection. The issue is related to the setDFSSetting function...

CVSS 6.5 · AI score 6.5 · EPSS 0.07659
Exploits: 1 · References: 13
Positive Technologies
added 2025/08/01 12:0 a.m. · 4 views

PT-2025-32498 · Linksys · Linksys Re6250 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250 versions prior to 20250801 Linksys RE6300 versions prior to 20250801 Linksys RE6350 versions prior to 20250801 Linksys RE6500 versions prior to 20250801 Linksys RE7000 versions prior to 20250801 Linksys RE9000 versions prior to...

CVSS 6.5 · AI score 6.5 · EPSS 0.08257
Exploits: 1 · References: 13
Positive Technologies
added 2025/08/01 12:0 a.m. · 5 views

PT-2025-32517 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders that allows for remote OS command injection. The issue is located in the um red function within t...

CVSS 6.5 · AI score 6.6 · EPSS 0.08257
Exploits: 1 · References: 12
Positive Technologies
added 2025/08/01 12:0 a.m. · 4 views

PT-2025-32516 · Linksys · Linksys Re7000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in the ipv6cmd function of the /goform/setIpv6 file. Manipulation of the following arguments leads to OS command injection:...

CVSS 6.5 · AI score 6.3 · EPSS 0.08257
Exploits: 1 · References: 12
Positive Technologies
added 2025/08/01 12:0 a.m. · 10 views

PT-2025-32518 · Linksys · Linksys Re7000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000. The issue is due to os command injection in the sub 3517C...

CVSS 6.5 · AI score 6.5 · EPSS 0.08257
Exploits: 1 · References: 14