Lucene search
K

315 matches found

Snyk
Snyk
added 2025/06/30 8:42 p.m.2 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the erroneous implementation of the allowlist process. An attacker can gain unauthorized access to execute arbitrary shell commands by bypassing configured restrictions. This may result in exposure or...

9.3CVSS8.1AI score0.00513EPSS
Exploits1References2
Snyk
Snyk
added 2025/06/30 8:42 p.m.1 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the erroneous implementation of the allowlist process. An attacker can gain unauthorized access to execute arbitrary shell commands by bypassing configured restrictions. This may result in exposure or...

9.3CVSS8.1AI score0.00513EPSS
Exploits1References2
Snyk
Snyk
added 2025/06/30 8:42 p.m.3 views

Arbitrary Command Injection

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Arbitrary Command Injection via the erroneous implementation of the allowlist process. An attacker can gain unauthorized access to execute arbitrary shell commands by...

9.3CVSS8AI score0.00513EPSS
Exploits1References2
Snyk
Snyk
added 2025/06/26 6:42 p.m.1 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Execute commands feature, which allows shell commands to be executed without restriction to the assigned scope. An attacker can gain unauthorized read and write access to all files managed by the serv...

9.3CVSS7.8AI score0.00885EPSS
Exploits1References2
Snyk
Snyk
added 2025/06/26 6:42 p.m.2 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Command Execution process. An attacker can execute arbitrary commands with the privileges of the server process by leveraging allowed shell commands that can spawn additional commands. This is only...

9.8CVSS7.9AI score0.00956EPSS
Exploits1References2
Snyk
Snyk
added 2025/06/26 6:42 p.m.1 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Execute commands feature, which allows shell commands to be executed without restriction to the assigned scope. An attacker can gain unauthorized read and write access to all files managed by the serv...

9.3CVSS7.8AI score0.00885EPSS
Exploits1References2
Snyk
Snyk
added 2025/06/26 6:42 p.m.2 views

Arbitrary Command Injection

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Arbitrary Command Injection via the Command Execution process. An attacker can execute arbitrary commands with the privileges of the server process by leveraging allowed...

9.8CVSS7.9AI score0.00956EPSS
Exploits1References2
Snyk
Snyk
added 2025/06/26 6:42 p.m.1 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Command Execution process. An attacker can execute arbitrary commands with the privileges of the server process by leveraging allowed shell commands that can spawn additional commands. This is only...

9.8CVSS7.9AI score0.00956EPSS
Exploits1References2
Snyk
Snyk
added 2025/06/26 6:42 p.m.0 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Command Execution process. An attacker can execute arbitrary commands with the privileges of the server process by leveraging allowed shell commands that can spawn additional commands. This is only...

9.8CVSS7.6AI score0.00956EPSS
Exploits1References2
Snyk
Snyk
added 2025/06/26 6:42 p.m.3 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Command Execution process. An attacker can execute arbitrary commands with the privileges of the server process by leveraging allowed shell commands that can spawn additional commands. This is only...

9.8CVSS7.9AI score0.00956EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/06/25 6:0 p.m.6 views

CVE-2025-5826 Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability

Autel MaxiCharger AC Wallbox Commercial bleprocessesp32msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not...

6.3CVSS7.3AI score0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/02 7:0 a.m.13 views

CVE-2025-4010 Arbitrary Command Injection in Netcom NTC-6200 & NWL-222

The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary code execution with...

8.6CVSS0.00646EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/02 12:0 a.m.5 views

PT-2025-23474 · Diviotec · Diviotec Professional Series

Name of the Vulnerable Software and Affected Versions: The Diviotec professional series affected versions not specified Description: The issue concerns the exposure of a web interface in the Diviotec professional series, where one endpoint is vulnerable to arbitrary command injection. Additionall...

8.6CVSS6.7AI score0.06793EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/23 7:36 a.m.10 views

CVE-2024-41585

DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine...

6.8CVSS7.7AI score0.00787EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:28 p.m.2 views

CVE-2022-0764

Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0...

7.2CVSS7.1AI score0.00782EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:21 a.m.7 views

CVE-2019-18780

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Fl...

10CVSS8.5AI score0.06138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:27 a.m.8 views

CVE-2019-19875

An issue was discovered in B Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected using Python scripts via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364...

10CVSS6.6AI score0.01499EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:42 a.m.17 views

CVE-2019-10788

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...

9.8CVSS7.9AI score0.02415EPSS
Exploits1References1
Snyk
Snyk
added 2025/05/21 6:33 p.m.1 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the processFile function in the wxapkg File Parser component. An attacker can execute arbitrary system commands by providing crafted input to this function. Remediation There is no fixed version for...

8.1CVSS8AI score0.02343EPSS
Exploits1References2
Veracode
Veracode
added 2025/05/14 9:57 a.m.13 views

Arbitrary Command Injection

Craft CMS is vulnerable to Arbitrary Command Injection. The vulnerability is due to unauthenticated user-supplied data being stored in session files without validation, potentially allowing PHP code injection into a predictable server file path...

6.9CVSS7.2AI score0.01119EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder