5.3
CVE-2025-8697 - agentUniverse MCPSessionManager/MCPTool/MCPToolkit StdioServerParameters os command injection
A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. This issue affects the function StdioServerParameters of the component MCPSessionManager/MCPTool/MCPToolkit. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has beenβ¦
6.4
CVE-2025-7195 - Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operaβ¦
5.3
CVE-2025-55077 - Tyler Technologies ERP Pro 9 SaaS application escape
Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment settiβ¦
0.0
CVE-2025-55153 -
This CVE is a duplicate of another CVE.
8.8
CVE-2025-24000 - WordPress Post SMTP plugin <= 3.2.0 - Account Takeover Vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Saad Iqbal Post SMTP post-smtp allows Authentication Bypass.This issue affects Post SMTP: from n/a through <= 3.2.0.
9.4
CVE-2025-34148 - Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via WISP SSID
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). When configuring the device in WISP mode, the 'ssid' parameter is passed unsanitized to system-level scripts. This allows remote attackers within Wi-Fi range to inject arbiβ¦
9.4
CVE-2025-34149 - Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via WPA2 Key
A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, enabling attackers to execute arbitrary commands as root. Exploitation requires no authentication and cβ¦
9.4
CVE-2025-34150 - Shenzhen Aitemi M300 Wi-Fi Repeater PPPoE Username Command Injection
The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges.
9.4
CVE-2025-34151 - Shenzhen Aitemi M300 Wi-Fi Repeater PPPoE Password Command Injection
A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). The input is passed directly to system-level commands without sanitation, enabling unauthenticated attackers to achieve root-level code exeβ¦
9.4
CVE-2025-34152 - Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via Time Parameter
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike otheβ¦