| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset. |
| The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset. |
| The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset. |
| A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. |
| Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability. A user with local access could potentially exploit this vulnerability, leading to Information disclosure. |
| Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
| Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard allows password reset emails to be sent with URLs derived from the unvalidated Host header when the application_url configuration is unset (default behavior). This allows an attacker to craft a malicious password reset link that leaks the token to an attacker-controlled domain. If a victim (including an administrator) clicks the poisoned link, their account can be taken over. This affects all users who initiate a password reset while application_url is not set. This issue has been patched in version 1.2.46. |
| A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication. |
| Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
| A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. |
| LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization injection vulnerability exists in LangChain JS's toJSON() method (and subsequently when string-ifying objects using JSON.stringify(). The method did not escape objects with 'lc' keys when serializing free-form data in kwargs. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in @langchain/core versions 0.3.80 and 1.1.8, and langchain versions 0.3.37 and 1.2.3 |
| A post-authentication command injection vulnerability in the "DNSServer” parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. |
| A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. |
| An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limited per-task memory is not freed, resulting in a memory leak. |
| django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users. |
| HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0. |
| SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute arbitrary HTML and JavaScript code in victim browser sessions without authentication. |
| SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive information without authentication. |
| SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' parameter values to execute arbitrary system commands with www-data user privileges. |
| This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device. |
