PT-2025-47397
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A flaw exists in the command line interface that may allow a remote attacker with authentication to inject commands. Exploitation could lead to the execution of arbitrary commands on the operating...
Fortinet FortiWeb Security Vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. A security vulnerability exists in Fortinet...
Zyxel DX3300-T0 Operating System Command Injection Vulnerability
The Zyxel DX3300-T0 is a small wireless WiFi router from China Hopkins Zyxel. An operating system command injection vulnerability exists in Zyxel DX3300-T0 5.50 ABVY.6.3 C0 and earlier versions, which stems from the presence of post-authentication command injection in the priv parameter, which...
PT-2025-47237
Name of the Vulnerable Software and Affected Versions: Zyxel DX3300-T0 firmware versions prior to 5.50ABVY.6.3C0. Description: A post-authentication command injection issue exists in the priv parameter. Successful exploitation allows an authenticated attacker to execute operating system (OS) commands ...
Mozilla Firefox < 62.0
The version of Firefox installed on the remote Windows host is prior to 62.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-20 advisory. - A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that ...
Mozilla Thunderbird < 91.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-41 advisory. - Mozilla developers Tyson Smith, Christian Holler, and Gabriele Svelto reported memory safety bugs present...
AIX : Multiple Vulnerabilities (IJ56113)
The version of AIX installed on the remote host is prior to APAR IJ56113. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ56113 advisory. - IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute...
Photon OS 5.0: Linux PHSA-2025-5.0-0676
An update of the Linux package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0676. The text itself is copyright (C) VMware, Inc.
Mozilla Thunderbird < 52.8
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-13 advisory. - Mozilla developers backported selected changes in the Skia library. These changes correct memory corrupti...
PT-2025-47388
Name of the Vulnerable Software and Affected Versions: AOS-CX Operating System, affected versions not specified. Description: A command injection vulnerability exists in the AOS-CX Operating System. Exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on th...
PT-2025-47387
Name of the Vulnerable Software and Affected Versions: AOS-CX Operating System, affected versions not specified. Description: A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Executio...
Important Photon OS Security Update - PHSA-2025-5.0-0682
Updates of 'containerd', 'linux-esx', 'linux' packages of Photon OS have been released...
CVE-2025-55055
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
CVE-2025-34322 Nagios Log Server < 2026R1.0.1 Authenticated Command Injection via Natural Language Queries
Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature. When this feature is configured, certain user-controlled settings—including model selection and connection parameters—are read from the...
CVE-2025-34322
Nagios Log Server (before 2026R1.0.1) is affected by an authenticated command-injection in the experimental Natural Language Queries feature. The issue arises when user-controlled settings (including model selection and connection parameters) are read from global configuration and concatenated in...
EUVD-2025-197852
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')...
CVE-2025-13193
Affects libvirt-based virtualization. CVE-2025-13193 causes external inactive snapshots for shut-down VMs to be world-readable, enabling information disclosure by unprivileged users. Public sources (Unity Linux UTSA-2025-993329; openSUSE openSUSE-SU-2025-20100-1; SUSE SUSE-SU-2026:0279-1) describ...
CVE-2025-13193
A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability. Mitigation: Mitigation for this issue is either...
CVE-2025-13284
ThinPLUS developed by ThinPLUS has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server...