
36544 matches found

CNNVD
added 2026/01/17 12:0 a.m. | 4 views

LigeroSmart code injection vulnerability

LigeroSmart is an open-source management platform developed by LigeroSmart. Versions of LigeroSmart 6.1.26 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “TicketID” in the file /otrs/index.pl?Action=AgentTicketZoom, which...

CVSS 5.4 | AI score 5.7 | EPSS 0.00287
Exploits: 1 | References: 6

Snyk
added 2026/01/16 8:52 p.m. | 6 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the default configuration -lua-sources=inline,file. An attacker can execute arbitrary code and access sensitive files by submitting malicious scripts when untrusted users are permitted to create lua filters...

CVSS 8.8 | AI score 6.2 | EPSS 0.00473
Exploits: 1 | References: 2

Snyk
added 2026/01/16 8:52 p.m. | 5 views

Arbitrary Code Injection

Overview github.com/zalando/skipper is a HTTP router and reverse proxy for service composition Affected versions of this package are vulnerable to Arbitrary Code Injection via the default configuration -lua-sources=inline,file. An attacker can execute arbitrary code and access sensitive files by...

CVSS 8.8 | AI score 6.2 | EPSS 0.00473
Exploits: 1 | References: 2

Snyk
added 2026/01/16 1:53 p.m. | 11 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the LivewireFilemanagerComponent.php process due to missing file type and MIME validation. An attacker can execute arbitrary code by uploading a malicious PHP file and accessing it via the /storage/ URL. This...

CVSS 9.8 | AI score 6.6 | EPSS 0.00571
Exploits: 0 | References: 2

ICS
added 2026/01/16 12:30 a.m. | 2 views

ABB Ability OPTIMAX

SUMMARY ABB became aware of severe vulnerability in the products versions listed as affected in the advisory, if the optional integration with Azure Active Directory for Single-Sign On is enabled. We have not received any reports of this vulnerability being exploited. An attacker who...

CVSS 9.2 | AI score 6.3 | EPSS 0.0039
Exploits: 0 | References: 12

CVE
added 2026/01/16 12:6 a.m. | 14 views

CVE-2025-64691

CVE-2025-64691 affects AVEVA Process Optimization (Code Injection) where an authenticated OS-standard user can tamper TCL Macro scripts to escalate privileges to OS system, potentially fully compromising the Model Application Server. Public summaries describe local, authenticated, user-level acce...

CVSS 9.3 | AI score 6.6 | EPSS 0.00293
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/01/16 12:4 a.m. | 5 views

CVE-2025-61937 AVEVA Process Optimization Code Injection

The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server...

CVSS 10 | AI score 7.8 | EPSS 0.01508
Exploits: 0 | References: 4

CVE
added 2026/01/16 12:4 a.m. | 20 views

CVE-2025-61937

CVE-2025-61937 affects AVEVA Process Optimization. The flaw allows unauthenticated remote code execution via the taoimr service, potentially fully compromising the model application server. CVSS metrics in the documents show CRITICAL impact. Remediation details or fixed versions are not provided ...

CVSS 10 | AI score 7.8 | EPSS 0.01508
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2026/01/16 12:0 a.m. | 4 views

Dive code injection vulnerability

Dive is a desktop application for MCP hosts, open-sourced by OpenAgentPlatform. Versions of Dive prior to 0.13.0 contained a code injection vulnerability. This vulnerability stemmed from specially crafted deep links that allowed the installation of MCP server configurations controlled by attacker...

CVSS 9.6 | AI score 6.1 | EPSS 0.06299
Exploits: 1 | References: 3

CNNVD
added 2026/01/16 12:0 a.m. | 7 views

AVEVA Process Optimization Code Injection Vulnerability

AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has a code injection vulnerability. This vulnerability allows unverified attackers to execute remote code, potentially leading to the complete compromise of t...

CVSS 10 | AI score 6.2 | EPSS 0.01508
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 4 : mutt-1.5.20-9.20091214hg736b6a.AXS4 (AXSA:2018-3302:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3302:01 advisory. mutt: Remote code injection vulnerability to an IMAP mailbox CVE-2018-14354 mutt: Remote Code Execution via backquote characters CVE-2018-14357 mutt...

CVSS 9.8 | AI score 8 | EPSS 0.06229
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 7 : mutt-1.5.21-28.el7 (AXSA:2018-3300:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3300:01 advisory. mutt: Remote code injection vulnerability to an IMAP mailbox CVE-2018-14354 mutt: Remote Code Execution via backquote characters CVE-2018-14357 mutt...

CVSS 9.8 | AI score 8 | EPSS 0.06229
Exploits: 0 | References: 4

CNNVD
added 2026/01/16 12:0 a.m. | 4 views

AVEVA Process Optimization Code Injection Vulnerability

AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has a code injection vulnerability. This vulnerability arises because authenticated attackers could potentially alter TCL macro scripts, leading to privilege...

CVSS 9.3 | AI score 6.1 | EPSS 0.00293
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/16 12:0 a.m. | 6 views

MiracleLinux 7 : icedtea-web-1.7.1-2.0.1.el7.AXS7 (AXSA:2019-3964:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3964:01 advisory. icedtea-web: path traversal while processing elements of JNLP files results in arbitrary file overwrite CVE-2019-10182 icedtea-web: directory...

CVSS 8.6 | AI score 7.5 | EPSS 0.04022
Exploits: 0 | References: 4

Vulnrichment
added 2026/01/15 11:25 p.m. | 3 views

CVE-2020-36930 SysGauge 7.9.18 - ' SysGauge Server' Unquoted Service Path

SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\SysGauge Server\bin\sysgaus.exe' to inject malicious executables...

CVSS 8.5 | AI score 7 | EPSS 0.00214
Exploits: 1 | References: 3

Tenable Nessus
added 2026/01/15 12:0 a.m. | 2 views

Cisco Identity Services Engine (cisco-sa-ise-xss-9TDh2kx)

According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the...

CVSS 4.8 | AI score 6 | EPSS 0.00238
Exploits: 0 | References: 3

Snyk
added 2026/01/14 4:54 p.m. | 3 views

Arbitrary Code Injection

Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to Arbitrary Code Injection in the map function, where closures and arrays are not properly checked against the allow list. Note: This is a regression of the fix to CVE-2023-2017. Remediatio...

CVSS 8.8 | AI score 7.2 | EPSS 0.02083
Exploits: 2 | References: 2

Snyk
added 2026/01/14 4:54 p.m. | 2 views

Arbitrary Code Injection

Overview shopware/core is a Shopware platform is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Arbitrary Code Injection in the map function, where closures and arrays are not properly checked against the allow list. Note: This is a regression of...

CVSS 8.8 | AI score 7.2 | EPSS 0.02083
Exploits: 2 | References: 2

RedhatCVE
added 2026/01/14 8:13 a.m. | 4 views

CVE-2025-41717

An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation 'Code...

CVSS 8.8 | AI score 7.5 | EPSS 0.00496
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/14 1:22 a.m. | 7 views

CVE-2026-0498

SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...

CVSS 9.1 | AI score 7.4 | EPSS 0.00409
Exploits: 0 | References: 1