118 matches found
RHCOS 4 : OpenShift Container Platform 4.8.31 (RHSA-2022:0483)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0483 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...
CVE-2026-30625
Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands npm, npx accept argument flags that enable...
GHSA-FHH2-GG7W-GWPQ nginx-ui Backup Restore Allows Tampering with Encrypted Backups
Summary The nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. Details The backup format lacks a trusted integrity root. Although files are encrypted, the encryption key and IV are provided to the clie...
EUVD-2025-208403
The rtsol8 and rtsold8 programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input...
USN-8078-1: Zutty vulnerability
Carter Sande discovered that Zutty did not correctly echo invalid input to the console on DECRQSS. An attacker could possibly use this issue to execute arbitrary commands...
GHSA-6F6J-WX9W-FF4J CpenClaw's ACPX Windows wrapper shell fallback allowed cwd injection in specific paths
Summary On Windows ACPX paths, wrapper resolution for .cmd/.bat could fall back to shell execution in ways that allowed cwd influence to alter execution behavior. Impact In affected Windows ACPX configurations, this could enable command execution integrity loss through cwd-influenced wrapper...
SolaX Power Pocket 安全漏洞
SolaX Power Pocket is a monitoring data collection tool developed by SolaX Energy in China. There is a security vulnerability in SolaX Power Pocket, which stems from the lack of server certificate verification when connecting to the SolaX Cloud MQTTS server. This vulnerability could allow a...
CVE-2020-37149
Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery CSRF that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's...
Improper Input Validation
Overview wrangler is a Command-line interface for all things Cloudflare Workers Affected versions of this package are vulnerable to Improper Input Validation via the wrangler pages deploy command when the --commit-hash parameter is passed directly to a shell command without proper validation or...
CVE-2006-1656
vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root...
EUVD-2021-19521
Malware in sbrugna...
EUVD-2018-10281
Malware in sbrugna...
EUVD-2011-4144
Malware in sbrugna...
EUVD-2006-6961
Malware in sbrugna...
EUVD-2017-0001
Malware in sbrugna...
EUVD-2021-27192
Malware in sbrugna...
EUVD-2004-0602
Malware in sbrugna...
EUVD-2005-2537
Malware in sbrugna...
EUVD-2018-0413
Malware in sbrugna...
EUVD-2014-2563
Malware in sbrugna...