CVE-2025-22906

RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN.

This Cyber News was published on www.tenable.com. Publication date: Thu, 16 Jan 2025 14:56:02 +0000

Cyber News related to CVE-2025-22906

CVE-2025-22906 - RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN. ...
2 weeks ago Tenable.com

CVE-2021-22906 - Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users. ...
2 years ago

CVE-2023-22906 - Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with root privileges by default, without a password. ...
1 year ago

Microsoft releases first Windows Server 2025 preview build - Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which ...
1 year ago Bleepingcomputer.com

CVE-2021-42718 - Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing container ...
1 week ago Tenable.com

CVE-2024-13162 - SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from ...
3 weeks ago Tenable.com

CVE-2025-0246 - When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This ...
4 weeks ago Tenable.com

CVE-2024-13172 - Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. ...
3 weeks ago Tenable.com

CVE-2024-13171 - Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. ...
3 weeks ago Tenable.com

CVE-2024-13170 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
3 weeks ago Tenable.com

CVE-2024-13169 - An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. ...
3 weeks ago Tenable.com

CVE-2024-13168 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
3 weeks ago Tenable.com

CVE-2024-13167 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
3 weeks ago Tenable.com

CVE-2024-13166 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
3 weeks ago Tenable.com

CVE-2024-13165 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
3 weeks ago Tenable.com

CVE-2024-13164 - An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. ...
3 weeks ago Tenable.com

CVE-2024-13163 - Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. ...
3 weeks ago Tenable.com

CVE-2024-13161 - Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. ...
3 weeks ago Tenable.com

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d - RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to send specially crafted packets to change credentials without any prior authentication. A vulnerability of authentication bypass has been found in Zebra ...
1 year ago Cisa.gov

CVE-2024-13160 - Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. ...
3 weeks ago Tenable.com

CVE-2024-13159 - Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. ...
3 weeks ago Tenable.com

CVE-2024-13158 - An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. ...
3 weeks ago Tenable.com

CVE-2024-10811 - Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. ...
3 weeks ago Tenable.com

CVE-2025-23012 - Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. ...
1 week ago Tenable.com

CVE-2025-23011 - Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an ...
1 week ago Tenable.com

Latest Cyber News

CVE-2025-24982 - 22 hours ago
CVE-2025-22475 - 1 day ago
CVE-2025-1003 - 1 day ago
CVE-2025-0148 - 1 day ago
CVE-2025-24957 - 1 day ago
CVE-2025-24958 - 1 day ago
CVE-2025-22129 - 1 day ago
CVE-2025-23210 - 1 day ago
CVE-2025-24029 - 1 day ago
CVE-2025-24371 - 1 day ago
CVE-2025-24901 - 1 day ago
CVE-2025-24902 - 1 day ago
CVE-2025-24905 - 1 day ago
CVE-2025-24906 - 1 day ago
CVE-2024-35177 - 1 day ago
CVE-2024-47770 - 1 day ago
CVE-2025-24960 - 1 day ago
CVE-2025-24961 - 1 day ago
CVE-2025-24962 - 1 day ago
CVE-2025-22918 - 1 day ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2024-20141 - 1 day ago
CVE-2024-20142 - 1 day ago
CVE-2024-20147 - 1 day ago
CVE-2025-20631 - 1 day ago
CVE-2025-20632 - 1 day ago
CVE-2025-20633 - 1 day ago
CVE-2025-20634 - 1 day ago
CVE-2025-20635 - 1 day ago
CVE-2025-20636 - 1 day ago
CVE-2025-20637 - 1 day ago
CVE-2025-20638 - 1 day ago
CVE-2025-20639 - 1 day ago
CVE-2025-20640 - 1 day ago
CVE-2025-20641 - 1 day ago
CVE-2025-20642 - 1 day ago
CVE-2025-20643 - 1 day ago
CVE-2025-25062 - 1 day ago
CVE-2025-25063 - 1 day ago
CVE-2024-57966 - 1 day ago
CVE-2024-13347 - 1 day ago