Nir Tepper

5 exploits Active since Nov 2025
CVE-2025-64126 WRITEUP CRITICAL WRITEUP
OS - Command Injection
An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an unauthenticated attacker to inject arbitrary commands.
CVSS 10.0
CVE-2025-64127 WRITEUP CRITICAL WRITEUP
OS - Command Injection
An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attacker to execute arbitrary commands remotely.
CVSS 10.0
CVE-2025-64128 WRITEUP CRITICAL WRITEUP
OS - Command Injection
An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could permit attackers to append arbitrary data. This could allow an unauthenticated attacker to inject arbitrary commands.
CVSS 10.0
CVE-2025-64129 WRITEUP HIGH WRITEUP
Zenitel TCIV-3+ - Memory Corruption
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device.
CVSS 7.6
CVE-2025-64130 WRITEUP CRITICAL WRITEUP
Zenitel TCIV-3+ - XSS
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser.
CVSS 9.8