256 matches found
EUVD-2025-23925
Malicious code in bioql PyPI...
EUVD-2024-49097
Malicious code in bioql PyPI...
EUVD-2025-9519
Malicious code in bioql PyPI...
CVE-2025-54133 Cursor's MCP Install Deeplink Does Not Show Arguments in its User-Dialog
Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP Model Context Protocol deeplink handler, allowing attackers to execute 2-click arbitrary system commands through social engineering attacks. When...
CVE-2025-41674 Remote Command Injection in diagnostic Action Due to Improper Input Neutralization
A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command...
Command Injection
@sunwood-ai-labs/github-kanban-mcp-server is vulnerable to command injection. The vulnerability is due to the use of the unsafe exec API with untrusted user input in the addcomment tool, which allows an attacker to execute arbitrary system commands through crafted input...
CVE-2025-47811
In Wing FTP Server through 7.4.4, the administrative web interface listening by default on port 5466 runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands i.e., through the web console or the task scheduler, and they are...
CVE-2020-11830
QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0...
CVE-2025-31340
Wisdom Master Pro, versions 5.0–5.2, is affected by CVE-2025-31340 due to improper control of included/required filenames in the retrieve course Information PHP function. This allows remote execution of arbitrary system commands via a malicious file. Root cause: insecure include/require filename ...
D-Tale Remote Code Execution
This exploit effectively serves as a bypass for CVE-2024-3408. An attacker can override global state to enable custom filters, which then facilitates remote code execution. Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the...
CVE-2024-11984 SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type
A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with SYSTEM privilege via a crafted ZIP file...
CVE-2024-10771
Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. With network access and the user level ”Service”, an attacker can execute arbitrary system commands in the root user’s contexts...
CVE-2024-11983
CVE-2024-11983 affects several Billion Electric routers (e.g., M100, M150, M120N, M500). All sources describe an OS Command Injection vulnerability in a specific SSH function that allows remote administrators to inject and execute arbitrary system commands on the device. The issue is attributed t...
CVE-2024-11120
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received relat...
CVE-2024-11120 GeoVision EOL devices - OS Command Injection
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received relat...
CVE-2024-11120 GeoVision EOL devices - OS Command Injection
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received relat...
GeoVision EOL 操作系统命令注入漏洞
GeoVision EOL is a series of surveillance devices from the Chinese company GeoVision. GeoVision EOL suffers from an operating system command injection vulnerability that originates from an unauthenticated, remote attacker being able to inject and execute arbitrary system commands on the device...
CVE-2024-11066
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page...
CVE-2024-11065
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet...
CVE-2024-11064
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet...