Command Injection Archives • Page 4 of 6 • Daily CyberSecurity

8 Flaws: ASUS Routers Urgently Need Patch for Authentication Bypass (CVE-2025-59366, CVSS 9.4)

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

8 Flaws: ASUS Routers Urgently Need Patch for Authentication Bypass (CVE-2025-59366, CVSS 9.4)

Do Son November 26, 2025

ASUS has released an urgent security update to address a sweeping list of eight potential vulnerabilities in...

CRITICAL: Fluent Bit Flaws Enable RCE and Telemetry Tampering in Major Orgs Fluent Bit, Telemetry Agent

CRITICAL: Fluent Bit Flaws Enable RCE and Telemetry Tampering in Major Orgs

Do Son November 25, 2025

Oligo Security researchers have uncovered a dangerous chain of vulnerabilities in Fluent Bit, the popular, lightweight telemetry...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical Unpatched Flaw: Vivotek EOL IP Cameras Exposed to Unauthenticated RCE via Command Injection

Do Son November 25, 2025

The Akamai Security Intelligence and Response Team (SIRT) has uncovered a previously undocumented — and still widely...

CERT/CC Warns of Unpatched Root-Level Command Injection Flaws in Tenda 4G03 Pro and N300 Routers (CVE-2025-13207, CVE-2024-24481) Tenda Unpatched RCE, Router Command Injection

Tenda Unpatched RCE, Router Command Injection

CERT/CC Warns of Unpatched Root-Level Command Injection Flaws in Tenda 4G03 Pro and N300 Routers (CVE-2025-13207, CVE-2024-24481)

Do Son November 24, 2025

The CERT Coordination Center (CERT/CC) has issued a warning about multiple unpatched command injection vulnerabilities affecting Tenda’s...

D-Link DIR-878 Reaches EOL: 3 Unpatched RCE Flaws Allow Unauthenticated Remote Command Execution D-Link DIR-816, Critical Vulnerabilities D-Link EOL RCE, Unauthenticated Command Injection

D-Link DIR-816, Critical Vulnerabilities D-Link EOL RCE, Unauthenticated Command Injection

D-Link DIR-878 Reaches EOL: 3 Unpatched RCE Flaws Allow Unauthenticated Remote Command Execution

Do Son November 19, 2025

D-Link has issued a security advisory warning users of the DIR-878 router series that multiple newly disclosed...

Critical W3 Total Cache Flaw (CVE-2025-9501, CVSS 9.0) Risks Unauthenticated RCE on 1 Million WordPress Sites W3 Total Cache RCE, Unauthenticated Command Injection

W3 Total Cache RCE, Unauthenticated Command Injection

Critical W3 Total Cache Flaw (CVE-2025-9501, CVSS 9.0) Risks Unauthenticated RCE on 1 Million WordPress Sites

Do Son November 18, 2025

A newly disclosed high-severity security flaw in the widely used W3 Total Cache (W3TC) plugin is putting...

Critical pgAdmin Flaws (CVE-2025-12762, CVSS 9.1) Allow Remote Code Execution via PostgreSQL Dump Files CVE-2023-5002 pgAdmin RCE, LDAP Injection

Critical pgAdmin Flaws (CVE-2025-12762, CVSS 9.1) Allow Remote Code Execution via PostgreSQL Dump Files

Do Son November 17, 2025

The pgAdmin development team has issued patches addressing four newly disclosed security vulnerabilities impacting pgAdmin versions up...

Critical Dell CloudLink Flaws Allow User to Escape Shell and Gain Full System Control Dell CloudLink Privilege Escalation, Command Injection

Critical Dell CloudLink Flaws Allow User to Escape Shell and Gain Full System Control

Do Son November 6, 2025

Dell Technologies has issued a critical security advisory addressing multiple vulnerabilities in its CloudLink encryption management software,...

Critical React Native CLI Flaw (CVE-2025-11953, CVSS 9.8) Allows Unauthenticated RCE via Exposed Metro Server React Native RCE, Metro Server Flaw

Critical React Native CLI Flaw (CVE-2025-11953, CVSS 9.8) Allows Unauthenticated RCE via Exposed Metro Server

Do Son November 5, 2025

A newly disclosed critical vulnerability (CVE-2025-11953, CVSS 9.8) in the React Native Community CLI exposes developers to...

CISA Warns: Critical Veeder-Root TLS4B RCE (CVE-2025-58428) Exposes Tank Gauge Systems to Command Injection

Do Son October 27, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert for two high-severity vulnerabilities affecting the...

Critical NeuVector RCE Flaw (CVE-2025-54469, CVSS 10.0) Allows Command Injection via Unsanitized Environment Variables NeuVector Critical RCE, Command Injection

NeuVector Critical RCE, Command Injection

Critical NeuVector RCE Flaw (CVE-2025-54469, CVSS 10.0) Allows Command Injection via Unsanitized Environment Variables

Do Son October 23, 2025

The SUSE Rancher Security team has issued a critical advisory addressing a command injection and buffer overflow...

Critical TP-Link Omada Gateway Flaw (CVE-2025-6542, CVSS 9.3) Allows Unauthenticated Remote Command Execution

Do Son October 21, 2025

TP-Link Systems has released a new firmware update addressing four high- and critical-severity vulnerabilities in its popular...

Critical Samba RCE Flaw CVE-2025-10230 (CVSS 10.0) Allows Unauthenticated Command Injection on AD DCs CVE-2023-0614 Samba RCE, CVE-2025-10230

Critical Samba RCE Flaw CVE-2025-10230 (CVSS 10.0) Allows Unauthenticated Command Injection on AD DCs

Do Son October 16, 2025

The Samba Team has released an urgent security advisory addressing two vulnerabilities, including a critical command injection...

High-Severity Deno Flaw CVE-2025-61787 Allows Command Injection on Windows CVE-2023-28445 Deno Command Injection, CVE-2025-61787

High-Severity Deno Flaw CVE-2025-61787 Allows Command Injection on Windows

Do Son October 9, 2025

The Deno project has issued a new security advisory warning of a command injection vulnerability on Windows...

OpenSSH Flaw (CVE-2025-61984) Allows Remote Code Execution via Usernames CVE-2023-48795 - Terrapin Attack OpenSSH RCE, ProxyCommand Injection

OpenSSH Flaw (CVE-2025-61984) Allows Remote Code Execution via Usernames

Do Son October 8, 2025

Security researcher David Leadbeater has disclosed a vulnerability in OpenSSH, identified as CVE-2025-61984, which highlights how even...

Critical Flaw CVE-2025-52906 (CVSS 9.3) Allows Unauthenticated RCE on TOTOLINK X6000R Routers CVE-2024-1468 TOTOLINK RCE, Router Vulnerability

Critical Flaw CVE-2025-52906 (CVSS 9.3) Allows Unauthenticated RCE on TOTOLINK X6000R Routers

Do Son October 2, 2025

Researchers from Unit 42, Palo Alto Networks’ threat intelligence team, have disclosed three newly discovered vulnerabilities in...

CVE-2025-30247: Critical Command Injection Flaw in Western Digital My Cloud NAS Devices AI Storage Shortage QLC SSD Demand CVE-2022-29841 WD My Cloud, RCE Vulnerability

AI Storage Shortage QLC SSD Demand CVE-2022-29841 WD My Cloud, RCE Vulnerability

CVE-2025-30247: Critical Command Injection Flaw in Western Digital My Cloud NAS Devices

Do Son September 30, 2025

Western Digital (WD) has patched a critical vulnerability in its My Cloud NAS platforms that could allow...

Morte Botnet Unveiled: A Rapidly Growing Loader-as-a-Service Campaign Exploiting Routers and Enterprise Apps

Do Son September 29, 2025

Researchers at CloudSEK Threat Intelligence (TRIAD) have exposed a sophisticated botnet operation that systematically compromises SOHO routers,...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

CVE-2025-59689: Libraesva ESG Command Injection Flaw Exploited in the Wild

Do Son September 23, 2025

Libraesva has released an urgent security advisory addressing a command injection vulnerability (CVE-2025-59689) in its Email Security...

Multiple High-Severity Vulnerabilities Found in HPE Aruba Networking EdgeConnect SD-WAN Gateways HPE Aruba Private 5G Vulnerability CVE-2026-23595 HPE Instant On Vulnerability CVE-2025-37166 CVE-2024-31466 & CVE-2024-31467 HPE Aruba Networking, vulnerability

HPE Aruba Private 5G Vulnerability CVE-2026-23595 HPE Instant On Vulnerability CVE-2025-37166 CVE-2024-31466 & CVE-2024-31467 HPE Aruba Networking, vulnerability

Multiple High-Severity Vulnerabilities Found in HPE Aruba Networking EdgeConnect SD-WAN Gateways

Do Son September 17, 2025

HPE Aruba Networking has released patches addressing multiple high- and medium-severity vulnerabilities in its EdgeConnect SD-WAN Gateways,...

Critical Alert 1 Active Exploit Detected Today