| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function show_debug_screen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm*& causes command injection. The attack is possible to be carried out remotely. The complexity of an attack is rather high. It is stated that the exploitability is difficult. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. |
| Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component at_command.asp. |
| BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service. |
| An attacker with local access the to medical office computer can
escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by
exploiting a command injection vulnerability in the Elefant Update
Service. The command injection can be exploited by communicating with
the Elefant Update Service which is running as "SYSTEM" via Windows
Named Pipes.The Elefant Software Updater (ESU) consists of two components. An ESU
service which runs as "NT AUTHORITY\SYSTEM" and an ESU tray client
which communicates with the service to update or repair the installation
and is running with user permissions. The communication is implemented
using named pipes. A crafted message of type
"MessageType.SupportServiceInfos" can be sent to the local ESU service
to inject commands, which are then executed as "NT AUTHORITY\SYSTEM". |
| In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands by sending a crafted request to an API endpoint. |
| A vulnerability exits in driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0, which allows low-privileged users to mapping physical memory via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code. |
| aSc TimeTables 2021.6.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting subject title fields with excessive data. Attackers can generate a 10,000-character buffer and paste it into the subject title to trigger application instability and potential crash. |
| A command injection is possible through the user interface, allowing arbitrary command execution as
the root user. oMG2000 running MGOS 3.15.1 or earlier is affected.
MG90 running MGOS 4.2.1 or earlier is affected. |
| KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, either SSID or PASSWORD, in the JSON data contained within the QR code. By that, the attacker can execute arbitrary code on the camera. |
| A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remote_upload/remote_download of the file main.py of the component Configuration File Handler. The manipulation of the argument configuration["PASSWORD"] results in os command injection. The attack requires a local approach. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under certain conditions, a verified email address could receive repeated confirmation messages if the verification link was accessed multiple times. This issue may result in unintended email traffic but does not expose user data. The issue was addressed in version 2025.10.0 by improving validation logic to ensure verification links behave as expected after completion. |
| In 2wcom IP-4c 2.16, the web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen. |
| NeKernal is a free and open-source operating system stack. Prior to version 0.0.3, there are several memory safety issues that can lead to memory corruption, disk image corruption, denial of service, and potential code execution. These issues stem from unchecked memory operations, unsafe typecasting, and improper input validation. This issue has been patched in version 0.0.3. |
| The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user argument. This allows an attacker to execute arbitrary commands on the system.
Exploitation Status:
Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.
Workarounds or Mitigation:
There are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions. |
| Sercomm Router Etisalat Model S3- AC2100 is affected by Incorrect Access Control via the diagnostic utility in the router dashboard. |
| When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines. |
| A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. |
| FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion. Repeated attacks can lead to sustained service unavailability. This issue is fixed in version 2.6.3. |
| Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines()
method would not "pause" writing and signal to the Protocol to drain
the buffer to the wire once the write buffer reached the "high-water
mark". Because of this, Protocols would not periodically drain the write
buffer potentially leading to memory exhaustion.
This
vulnerability likely impacts a small number of users, you must be using
Python 3.12.0 or later, on macOS or Linux, using the asyncio module
with protocols, and using .writelines() method which had new
zero-copy-on-write behavior in Python 3.12.0 and later. If not all of
these factors are true then your usage of Python is unaffected. |
| OpenTelemetry dotnet is a dotnet telemetry framework. A vulnerability in OpenTelemetry.Api package 1.10.0 to 1.11.1 could cause a Denial of Service (DoS) when a tracestate and traceparent header is received. Even if an application does not explicitly use trace context propagation, receiving these headers can still trigger high CPU usage. This issue impacts any application accessible over the web or backend services that process HTTP requests containing a tracestate header. Application may experience excessive resource consumption, leading to increased latency, degraded performance, or downtime. This vulnerability is fixed in 1.11.2. |
