1086 matches found
@react-native-community/cli has arbitrary OS command injection
The Metro Development Server, which is opened by the React Native CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
CVE-2025-64348
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not configured to allow...
ELog security vulnerability
ELog is an electronic logging software with a web interface by the individual developer Stefan Ritt. ELog suffers from a security vulnerability that stems from the ability of an authenticated user to modify or overwrite configuration files, potentially leading to a denial of service. If execution...
CVE-2025-6542
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...
CVE-2025-6541
An arbitrary OS command may be executed on the product by the user who can log in to the web management interface...
CVE-2025-6542 OS command injection in multiple parameters
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...
TP-Link Omada gateways security vulnerability
TP-Link Omada gateways is a security gateway from the Chinese company TP-Link. A security vulnerability exists in TP-Link Omada gateways that allows a remote unauthenticated attacker to execute arbitrary OS commands...
CVE-2025-62577
ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges...
CVE-2025-59051
The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint Manager 16 before 16.0.92 and 17 before 17.0.6, insufficiently sanitized user-supplied input allows authenticated OS command...
CVE-2025-61941
A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary files may be altered by an administrative user who logs in to the affected product. Moreover, arbitrary OS commands may be executed via some file alteration...
EUVD-2025-34529
A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary files may be altered by an administrative user who logs in to the affected product. Moreover, arbitrary OS commands may be executed via some file alteration...
CVE-2025-0636
EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution...
Ericsson RAN Compute and Ericsson Site Controller 6610 security vulnerability
Ericsson RAN Compute and Ericsson Site Controller 6610 are both products of Ericsson, a Swedish company. Ericsson RAN Compute is a cloud-native software solution for handling computing functions in a RAN. Ericsson Site Controller 6610 is an intelligent power management controller for site...
CVE-2025-53967
Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize...
EUVD-2016-3948
Malware in sbrugna...
EUVD-2019-1130
Malware in sbrugna...