FLIR Systems AX8 Cameras Command Injection (CVE-2025-5695)

A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. This impacts the function subscribetospot/subscribetodelta/subscribetoalarm of the file /usr/www/application/models/subscriptions.php of the component Backend. Such manipulation leads to command injection. It is possible to launch...

Command Injection

@signalk/set-system-time, is vulnerable to command injection. The vulnerability is due to unsafe construction of shell commands while processing navigation.datetime values via WebSocket delta messages, which allows an attacker with write access or unauthenticated access when security is disabled ...

[SECURITY] Fedora 42 Update: rust-git-delta-0.18.2-13.fc42

A syntax-highlighting pager for git...

[SECURITY] Fedora 43 Update: rust-git-delta-0.18.2-13.fc43

A syntax-highlighting pager for git...

CVE-2025-5329

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Martcode Software Inc. Delta Course Automation allows SQL Injection.This issue affects Delta Course Automation: through 04022026. NOTE: The vendor was contacted early about this disclosure but did...

Delta Electronics ASDA-Soft Stack Buffer Overflow Vulnerability

Delta Electronics ASDA-Soft is an AC servo motor from Delta Electronics China. The Delta Electronics ASDA-Soft suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on the system...

Delta Electronics DIAView Authentication Bypass Vulnerability

Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. Delta Electronics DIAView suffers from an authentication bypass vulnerability, no details of the vulnerability are provided at this time...

Unspecified Vulnerability in Delta Electronics DIAView

Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A security vulnerability exists in Delta Electronics DIAView that stems from failure to authenticate critical functions. No details of the vulnerability are available at this time...

CVE-2025-5329

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Martcode Software Inc. Delta Course Automation allows SQL Injection. This issue affects Delta Course Automation: through 04022026. NOTE: The vendor was contacted early about this disclosure but did...

CVE-2025-5329 SQLi in Martcode Software's Delta Course Automation

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Martcode Software Inc. Delta Course Automation allows SQL Injection. This issue affects Delta Course Automation: through 04022026. NOTE: The vendor was contacted early about this disclosure but did...

CVE-2025-5329

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Martcode Software Inc. Delta Course Automation allows SQL Injection. This issue affects Delta Course Automation: through 04022026. NOTE: The vendor was contacted early about this disclosure but did...

EUVD-2025-206820

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Martcode Software Inc. Delta Course Automation allows SQL Injection.This issue affects Delta Course Automation: through 04022026. NOTE: The vendor was contacted early about this disclosure but did...

CVE-2025-5329 SQLi in Martcode Software's Delta Course Automation

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Martcode Software Inc. Delta Course Automation allows SQL Injection. This issue affects Delta Course Automation: through 04022026. NOTE: The vendor was contacted early about this disclosure but did...

Martcode Delta Course Automation SQL注入漏洞

Martcode Delta Course Automation is an automated marketing and course management system developed by the Turkish company Martcode. Versions of Martcode Delta Course Automation prior to 04022026 contained a SQL injection vulnerability. This vulnerability stemmed from improper neutralization of...

PT-2026-5909

Name of the Vulnerable Software and Affected Versions Delta Course Automation versions through 04022026 Description Delta Course Automation is susceptible to a SQL Injection issue due to improper neutralization of special elements used in an SQL command. This allows for potential unauthorized...

CVE-2026-23515

Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated...

CVE-2026-23515 RCE - Command Injection in Signal K set-system-time plugin

Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated...

CVE-2026-23515 RCE - Command Injection in Signal K set-system-time plugin

Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated...

CVE-2026-23515

Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated...

GHSA-P8GP-2W28-MHWG Signal K set-system-time plugin vulnerable to RCE - Command Injection

Summary A Command Injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated users can also exploit this vulnerability if security is disabled on the Signal K...