Shodan
Vulnerabilities
Vulnerable Software
 >> Hax  Security Vulnerabilities
CVE-2025-56124
OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-12-11
CVE-2025-56127
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the get_wanobj in file /usr/lib/lua/luci/controller/admin/common.lua.
CVSS Score
8.8
EPSS Score
0.013
Published
2025-12-11
CVE-2025-56107
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submit_wifi in file /usr/lib/lua/luci/controller/admin/common_quick_config.lua.
CVSS Score
8.8
EPSS Score
0.003
Published
2025-12-11
CVE-2025-56096
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restart_modules in file /usr/lib/lua/luci/controller/admin/common.lua.
CVSS Score
8.8
EPSS Score
0.003
Published
2025-12-11
CVE-2025-14531
A vulnerability was found in code-projects Rental Management System 2.0. This affects an unknown function of the file Transaction.java of the component Log Handler. Performing manipulation results in crlf injection. The attack can be initiated remotely. The exploit has been made public and could be used.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-12-11
CVE-2025-13780
pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-12-11
CVE-2025-66918
edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting (XSS) in admin/add-session.php via the "title" parameter.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-12-11
CVE-2025-64669
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-12-11
CVE-2025-56077
OS Command Injection vulnerability in Ruijie RG-RAP2200(E) 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.
CVSS Score
8.8
EPSS Score
0.004
Published
2025-12-11
CVE-2025-56079
OS Command Injection vulnerability in Ruijie RG-EW1300G EW1300G V1.00/V2.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.
CVSS Score
8.8
EPSS Score
0.004
Published
2025-12-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved