656 matches found
[SECURITY] Fedora 41 Update: salt-3007.4-4.fc41
Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loa...
Off 2.15 Unauthenticated Remote System Control
Off version 2.15 exposes a TCP service on port 1984 that allows unauthenticated attackers to issue remote system control commands such as Shutdown, Restart, Lock, Sleep, and Hibernate. Exploit Title: Off 2.15 - Unauthenticated Remote System Control Date: 25/06/25 Exploit Author: Chokri Hammedi...
Autel MaxiCharger AC Wallbox Commercial Security Vulnerability
Autel MaxiCharger AC Wallbox Commercial is a smart AI electric car charger from Autel USA. The Autel MaxiCharger AC Wallbox Commercial suffers from a command execution vulnerability that stems from a bleprocessesp32msg function input misinterpretation, which can be exploited by an attacker to cau...
CVE-2024-13089
An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these...
Malicious code in caixaequ2ahzoop (PyPI)
Source: kam193 da1d699d5d12de135ae0da4180622e30084a77fd76ee5cd36fe5667ce14c4bbe Obfuscated code gets a command from the remote target and executes it. At the time of the test, it was just "whoami". Thus, it's rather just an experiment...
CVE-2023-31493
RCE Remote Code Execution exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system...
CVE-2023-36485
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...
CVE-2020-12017
GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. The device’s vulnerability in the web application could allow multiple unauthenticated attacks that could cause serious impact. The vulnerability may allow an unauthenticated attacker to execute...
CVE-2020-0757
An elevation of privilege vulnerability exists when Windows improperly handles Secure Socket Shell remote commands, aka 'Windows SSH Elevation of Privilege Vulnerability'...
CVE-2010-4638
SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php...
CVE-2012-4673
SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sortcol variable in the listitems function, a different vulnerability than CVE-2012-3477...
A vulnerability in the API component of the Zabbix monitoring system allows an attacker to execute arbitrary commands.
The vulnerability of the API component of the Zabbix monitoring system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary commands by processing the groupBy parameter...
A vulnerability in the control panel firmware of Honeywell MB-Secure and MB-Secure PRO devices arises from the lack of measures taken to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary commands with elevated privileges.
The vulnerability in the control panel firmware of Honeywell MB-Secure and MB-Secure PRO devices is related to the lack of measures taken to neutralize the special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute...
CVE-2025-44872
Tenda AC9 V15.03.06.42multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
A vulnerability in the telnet CLI service in the firmware of NETGEAR FVS336Gv2 and FVS336Gv3 routers allows an attacker to execute arbitrary commands with root privileges.
The vulnerability in the telnet CLI service in the firmware of NETGEAR routers such as FVS336Gv2 and FVS336Gv3 exists due to the lack of measures to neutralize specific components. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges...
Malicious code in @nationalgeographicsociety/ngsui-footer (npm)
Source: ghsa-malware c2e0774a528586e00ee067cc42c7701529d5ea60809590ae156b473dffb95b4e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in architecture-viewer (npm)
Source: ghsa-malware 4282b66b0052ca80f8717181dbf7b0b94e88433b9e37f9ae718531960f9ddcbd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in com.unity.performance.profile-analyzer (npm)
Source: ghsa-malware 0af641db458fc7a8378ef6660e94aa21d6e8a8662aa90cc72412d909765b39d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in foundry-js-react-blueprint (npm)
Source: ghsa-malware 003370478f168f2d57cb08caf6214ba25adf57eaefa736fc7460dd4550ee09c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in limit-order-validation (npm)
Source: ghsa-malware a7ad6cba9faf323fb0ffae19f703ba40944f39673b2e8803037d19ff0990671f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...