252 matches found
PT-2026-40636
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions prior to 17.1.3.2; F5 BIG-IP versions prior to 17.5.1.6; F5 BIG-IP versions prior to 21.0.0.2. Description: An issue in scripted monitors allows an authenticated attacker with the Resource Administrator or Administrator role to...
EUVD-2026-29509
The superduper project through v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...
marimo Access Control Error Vulnerability
Marimo is an open-source interactive Python notebook that supports reactive programming and SQL queries. Versions of Marimo prior to 0.23.0 contained an access control vulnerability. This vulnerability stemmed from the lack of authentication for the terminal WebSocket endpoint, allowing...
CVE-2026-33139
PySpector is a static analysis security testing (SAST) framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a security validation bypass in the plugin system. The validateplugincode function in pluginsystem.py performs static AST analysis...
CVE-2017-20221 Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when...
Exploit for Code Injection in Anthropic Claude_Code
CVE-PENDING: MCP Tool Confirmation Prompt Misrepresentation in...
EUVD-2026-3636
phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...
Thecus N4800Eco Nas Server Control Panel: Operating System Command Injection Vulnerability
The Thecus N4800Eco Nas Server Control Panel is a NAS control panel developed by Thecus Corporation. The Thecus N4800Eco Nas Server Control Panel has a vulnerability related to operating system command injection. This vulnerability stems from commands executed by user-defined endpoints, which may...
CVE-2019-12165
MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, and 7.1 (7.1.0.57) and earlier and MiCollab AWV 6.3 (6.3.0.103), 6.2 (6.2.2.8), 6.1 (6.1.0.28), 6.0 (6.0.0.61), and 5.0 (5.0.5.7) have a Command Execution Vulnerability. Successful exploit of this vulnerability could allow an attacker to execu...
CVE-2025-3232
A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands...
Codigo Code Injection Vulnerability
Codigo is a Markdown editor by the individual developer Alfonz Montelibano. A code injection vulnerability exists in Codigo version 1.0.1, which stems from the ability to execute arbitrary system commands that could lead to remote code execution...
FACTION Security Vulnerability
Faction is an open source penetration testing report generation and assessment collaboration framework from Faction Security. A security vulnerability exists in FACTION versions prior to 1.7.1 that stems from an extension execution path that allows untrusted extension code to execute arbitrary system...
CVE-2025-42892
CVE-2025-42892 describes an OS Command Injection in SAP Business Connector. An authenticated attacker with administrative privileges and adjacent network access can upload specially crafted content to the server; if processed, this can enable execution of arbitrary operating system commands and m...
Command Injection
Hoverfly is vulnerable to Command Injection. The vulnerability is caused by improper input validation in the middleware endpoint: the binary and script parameters are passed directly into a system without sanitization. This allows an attacker to supply crafted values for those parameters to...
CVE-2025-59481
A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful exploit can allow the attacker to cross a security...
EUVD-2019-14747
Malware in sbrugna...
EUVD-2016-1289
Malware in sbrugna...
EUVD-2025-21021
Malicious code in bioql PyPI...
EUVD-2024-49097
Malicious code in bioql PyPI...
EUVD-2025-23925
Malicious code in bioql PyPI...