68 matches found
CVE-2026-22781
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query parameters are passed as command-line arguments to the CGI executable via Windows CreateProcess. An...
CVE-2026-22781 TinyWeb CGI Command Injection
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query parameters are passed as command-line arguments to the CGI executable via Windows CreateProcess. An...
CVE-2026-22781
CVE-2026-22781 applies to TinyWeb HTTP Server prior to 1.98. The flaw is an OS command injection via CGI ISINDEX-style query parameters, where the parameters are passed as command-line arguments to the CGI executable through Windows CreateProcess(). An unauthenticated remote attacker can inject W...
PT-2026-2293
Name of the Vulnerable Software and Affected Versions TinyWeb versions prior to 1.98 Description TinyWeb is a web server for Win32. Versions of TinyWeb HTTP Server before 1.98 contain a flaw that allows for operating system command injection. This occurs through CGI ISINDEX-style query parameters...
HSEC-2024-0003 process: command injection via argument list on Windows
process: command injection via argument list on Windows The process library on Windows is vulnerable to a command injection vulnerability, via cmd.exe's interpretation of arguments. Programs that invoke batch files .bat, .cmd and pass arguments whose values are affected by program inputs may be...
CVE-2025-61787
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when batch files are executed. In Windows, CreateProcess always implicitly spawns cmd.exe if a batch file .bat, .cmd, etc. is being executed ev...
CVE-2025-61787
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when batch files are executed. In Windows, CreateProcess always implicitly spawns cmd.exe if a batch file .bat, .cmd, etc. is being executed ev...
PT-2025-41212
Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.5.3 and 2.2.15 Description Deno, a JavaScript, TypeScript, and WebAssembly runtime, is susceptible to Command Line Injection attacks on Windows operating systems when batch files are executed. The Windows operating...
SUSE CVE-2024-3566
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied...
BIT-NODE-MIN-2024-3566 Command injection vulnerability in programing languages on Microsoft Windows operating system.
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied...
BIT-NODE-2024-3566 Command injection vulnerability in programing languages on Microsoft Windows operating system.
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied...
CVE-2024-3566
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied...
CVE-2024-1874
A command injection flaw was found in PHP, exclusive to Windows environments. This flaw allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function in specific conditions. The CreateProcess function implicitly uses cmd.exe when...
CVE-2024-3566
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied...
CVE-2024-3566 Command injection vulnerability in programing languages on Microsoft Windows operating system.
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied...
CVE-2024-3566
Technical details about CVE-2024-3566 are not provided in the connected documents. The initial description notes a command injection risk, but no affected products, versions, impact, or fixes are specified here. Monitor for updated technical disclosures.
CVE-2024-3566
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied...
CVE-2024-3566 Command injection vulnerability in programing languages on Microsoft Windows operating system.
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied...
Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks
A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score of 10.0, indicating maximum severity. That said, it only impacts scenarios where batch files are...
Microsoft Windows 安全漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows due to a command injection issue in Windows applications that indirectly rely on the CreateProcess function when certain conditions ar...