1283 matches found
CVE-2026-20980
Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows physical attacker to execute arbitrary commands...
CVE-2026-20981
Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allows privileged physical attacker to execute arbitrary command with system privilege...
PT-2026-6403
Impact Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. Patches The issue has been fixed in n8n versions 2.5.0, and 1.123.10. Users should upgrade to this version...
Hikvision Wireless Access Points security vulnerabilities
Hikvision Wireless Access Points are wireless access point devices produced by the Chinese company Hikvision. There are security vulnerabilities in Hikvision Wireless Access Points, and these vulnerabilities stem from insufficient input validation, which may allow authenticated attackers to execu...
PT-2026-5284
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevate...
PT-2026-4924
Name of the Vulnerable Software and Affected Versions Victor CMS version 1.0 Description Victor CMS version 1.0 has a file upload issue. Authenticated users can upload malicious PHP files through the profile image upload feature. An attacker can upload a PHP shell to the /img directory and execut...
MiracleLinux 7 : nautilus-3.22.3-4.el7 (AXSA:2018-2543:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-2543:01 advisory. An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the...
CVE-2020-36911
Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system...
CVE-2022-50911
Bitrix24 is affected by CVE-2022-50911 per connected sources, described as an authenticated remote code execution vulnerability. An attacker with valid credentials could abuse the PHP command-line administration interface by sending crafted POST requests to an admin endpoint to execute arbitrary ...
CVE-2025-37176 Authenticated Command Injection Vulnerability in an AOS-8 operating system's internal workflow
A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privilege...
CVE-2025-37176
CVE-2025-37176 is an authenticated command-injection vulnerability in Aruba AOS-8. An authenticated privileged user can alter a package header to inject shell commands, potentially causing arbitrary command execution with the privileges of the impacted mechanism. The issue is documented across mu...
PT-2026-2459
Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privilege user and execute arbitrary comman...
PT-2026-2336
Name of the Vulnerable Software and Affected Versions SAP Wily Introscope Enterprise Manager WorkStation affected versions not specified Description An unauthenticated attacker can create a malicious Java Network Launch Protocol JNLP file accessible via a public URL. When a victim clicks this URL...
CVE-2005-1639
SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 allows remote attackers to execute arbitrary SQL commands via the 1 username, 2 password, or 3 domain fields...
CVE-2021-33736
A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...
CVE-2021-33729
A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database...
CVE-2022-23770
This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal...
PT-2026-1849
Name of the Vulnerable Software and Affected Versions D-Link Router DIR-605L version V6.02CN02 Hardware version F1 Description An issue exists in D-Link Router DIR-605L that allows an attacker with physical access to the UART pins to execute arbitrary commands. This is due to the presence of root...
CVE-1999-0207
Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command...
CVE-1999-0868
ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN...