EUVD-2020-29851

Malware in sbrugna...

Unity Linux 20.1070e Security Update: xterm (UTSA-2025-680592)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680592 advisory. xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi...

CVE-2025-60957

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information...

CVE-2025-60957

The CVE-2025-60957 entry concerns EndRun Technologies Sonoma D12 Network Time Server (GPS) firmware 4.00 on hardware/version 6010-0071-000. The vulnerability is an OS Command Injection in the router’s OS, enabling an unauthenticated or remote attacker to potentially execute arbitrary code, cause ...

CVE-2025-60962

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts...

CVE-2025-60965

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts...

EUVD-2025-31021

Malicious code in bioql PyPI...

EUVD-2022-50315

Malicious code in bioql PyPI...

EUVD-2022-34513

Malicious code in bioql PyPI...

EUVD-2023-39761

Malicious code in bioql PyPI...

EUVD-2025-28866

Malicious code in bioql PyPI...

EUVD-2023-28541

Malicious code in bioql PyPI...

EUVD-2025-27500

Malicious code in bioql PyPI...

CVE-2025-59738 Multiple vulnerabilities in AndSoft's e-TMS

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMBET.ASP'...

CVE-2025-59738

AndSoft e-TMS v25.03 contains an OS command-injection vulnerability. The flaw originates from the misuse of the m parameter in the /clt/LOGINFRM_BET.ASP endpoint, exploitable via a POST request to run operating-system commands on the server. Public advisories (NVD, CNVD/CNNVD, CIRCL/CVE) confirm ...

PT-2025-40357

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description An operating system command injection issue exists in AndSoft e-TMS version 25.03. This allows an attacker to execute operating system commands on the server. The issue is exploitable by sending a POST...

CVE-2025-11005 TOTOLINK X6000R Unauthenticated Command Injection Vulnerability

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1458B20250708...

CVE-2025-52906

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1360B20241207...

CVE-2025-52906

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1360B20241207...

CVE-2025-10589

The N-Reporter, N-Cloud, and N-Probe developed by N-Partner has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server...