CVE-2025-2717

A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub41710C of the file /goform/diagnslookup of the component HTTP POST Request Handler. The manipulation of the argument targetaddr leads to os command injection. The...

H3C多款产品 安全漏洞

H3C Magic NX30 Pro and others are products of China's Xinhua San H3C.H3C Magic NX30 Pro is a home router that supports WiFi6 3000M rate.H3C Magic NX15 is a router.H3C Magic NX400 is a router. A security vulnerability exists in several H3C products that stems from a command injection in the...

OpenManus 命令注入漏洞

OpenManus is an application by the individual developer of mannaandpoem. A command injection vulnerability exists in OpenManus version 2025.3.13 and earlier, which stems from an os command injection in the app/tool/pythonexecute.py file, which may be attacked remotely...

H3C多款产品 注入漏洞

H3C Magic NX30 Pro and others are products of China's Xinhua San H3C.H3C Magic NX30 Pro is a home router that supports WiFi6 3000M rate.H3C Magic NX15 is a router.H3C Magic NX400 is a router. An injection vulnerability exists in several H3C products. The vulnerability stems from a command injecti...

H3C Magic NX30 Pro 注入漏洞

H3C Magic NX30 Pro is a home router supporting WiFi6 3000M rate from China's Xinhua San H3C. It is used for home network coverage to provide high-speed and stable wireless network. An injection vulnerability exists in H3C Magic NX30 Pro V100R007 and earlier versions, which originates from a comma...

H3C多款产品 安全漏洞

H3C Magic NX30 Pro and others are products of China's Xinhua San H3C.H3C Magic NX30 Pro is a home router that supports WiFi6 3000M rate.H3C Magic NX15 is a router.H3C Magic NX400 is a router. A security vulnerability exists in several H3C products. The vulnerability stems from a command injection...

H3C多款产品 安全漏洞

H3C Magic NX30 Pro and others are products of China's Xinhua San H3C.H3C Magic NX30 Pro is a home router that supports WiFi6 3000M rate.H3C Magic NX15 is a router.H3C Magic NX400 is a router. A security vulnerability exists in several H3C products. the vulnerability stems from a command injection...

CVE-2025-2701

A vulnerability classified as critical was found in AMTT Hotel Broadband Operation System 1.0. This vulnerability affects the function popen of the file /manager/network/portsetup.php. The manipulation of the argument SwitchVersion/SwitchWrite/SwitchIP/SwitchIndex/SwitchState leads to os command...

CVE-2024-50631

Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to inject SQL commands, limited to write operations, via...

FUJISOFT +F FS010M 操作系统命令注入漏洞

FUJISOFT +F FS010M is a wireless router from Fuji Software FUJISOFT Japan. An operating system command injection vulnerability exists in versions prior to FUJISOFT +F FS010M G20V2.0.11101, which stems from an OS command injection issue that could lead to a remote authenticated attacker executing...

RLSA-2024:9470 Low: cups security update

The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: libppd: remote command injection via attacker controlled data in PPD file For more details about the security issues, including the impact, a CVSS score,...

cups security update

An update is available for cups. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Common UNIX Printing System CUPS provides a portable printing layer for Linu...

CVE-2024-48017

Dell SmartFabric OS10 Software, versions 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contains an Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code...

CVE-2024-26290 Authenticated Remote Command Injection affecting Avid NEXIS

Improper Input Validation vulnerability in Avid Avid NEXIS E-series on Linux, Avid Avid NEXIS F-series on Linux, Avid Avid NEXIS PRO+ on Linux, Avid System Director Appliance SDA+ on Linux allows code execution on underlying operating system with root permissions.This issue affects Avid NEXIS...

CVE-2025-2096

A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112B20220316. This vulnerability affects the function setRebootScheCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mode/week/minute/recHour leads to os command injection. The attack can be initiat...

CVE-2025-2094

A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112B20220316. It has been rated as critical. Affected by this issue is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliKey/key leads to os command injection. The attack may be launche...

QNAP Systems QuRouter 安全漏洞

QNAP Systems QuRouter is a router management system from China Weilian Technology QNAP Systems. A security vulnerability exists in QNAP Systems QuRouter that stems from command injection and could lead to a remote attacker executing arbitrary commands...

CVE-2025-1947

A vulnerability classified as critical has been found in hzmanyun Education and Training System 2.1.3. This affects the function scorm of the file UploadImageController.java. The manipulation of the argument param leads to command injection. It is possible to initiate the attack remotely. The...

CVE-2025-1829

A vulnerability was found in TOTOLINK X18 9.1.0cu.2024B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can be initiated...

CVE-2025-1800

A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. This vulnerability affects the function getipaddrdetails of the file /view/vpn/sxhvpn/sxhvpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument ethname leads to command injection. Th...