
19583 matches found

Positive Technologies
added 2026/01/17 12:0 a.m. | 4 views

PT-2026-3370

A vulnerability has been found in bastillion-io Bastillion up to 4.0.1. This vulnerability affects unknown code of the file src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java of the component Public Key Management System. Such manipulation leads to command injection. It is possible to...

CVSS 5.8 | AI score 7 | EPSS 0.04156
Exploits: 0 | References: 5
Positive Technologies
added 2026/01/17 12:0 a.m. | 7 views

PT-2026-5425

Name of the Vulnerable Software and Affected Versions: Tenda HG10 US HG7 HG9 HG10re 300001138 en xpon (affected versions not specified). Description: A flaw exists in the Login Interface component of the software, specifically within the checkUserFromLanOrWan function located in the...

CVSS 7.5 | AI score 7.2 | EPSS 0.02308
Exploits: 1 | References: 11
Exploit DB
added 2026/01/17 12:0 a.m. | 154 views

Siklu EtherHaul Series EH-8010 - Remote Command Execution

Exploit Title: Siklu EtherHaul Series EH-8010 - Remote Command Execution; Shodan Dork: "EH-8010" or "EH-1200"; Date: 2025-08-02; Exploit Author: semaja2 - Andrew James; Vendor Homepage: https://www.ceragon.com/products/siklu-by-ceragon; Software Link: ftp://ftp.bubakov.net/siklu/; Version: EH-8010 and...

CVSS 9.8 | AI score 7 | EPSS 0.01219
Exploits: 3
OSSF Malicious Packages
added 2026/01/16 9:32 p.m. | 5 views

Malicious code in uitil (PyPI)

Source: kam193 (ff0b75197d8e7cd361d61461260811fba8920c54b8538cb5f21ec2fc1c885ec3). The package implements an undocumented way to execute code hidden in image files, and a function that searches for images in the current directory and attempts...

AI score 6
Exploits: 0 | References: 3
NVD
added 2026/01/16 7:16 p.m. | 3 views

CVE-2021-47836

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowin...

CVSS 6.1 | EPSS 0.00311
Exploits: 0 | References: 4
OSV
added 2026/01/16 9:16 a.m. | 5 views

CVE-2025-60021

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 2
NVD
added 2026/01/16 9:16 a.m. | 4 views

CVE-2025-60021

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

CVSS 9.8 | EPSS 0.26163
Exploits: 3 | References: 2
ATTACKERKB
added 2026/01/16 8:39 a.m. | 6 views

CVE-2025-60021

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

CVSS 9.8 | AI score 8.8 | EPSS 0.26163
Exploits: 3 | References: 2 | Affected Software: 1
Cvelist
added 2026/01/16 8:39 a.m. | 23 views

CVE-2025-60021 Apache bRPC: Remote command injection vulnerability in heap builtin service

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

EPSS 0.26163
Exploits: 3 | References: 1
Vulnrichment
added 2026/01/16 8:39 a.m. | 3 views

CVE-2025-60021 Apache bRPC: Remote command injection vulnerability in heap builtin service

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

AI score 7.7 | EPSS 0.26163
Exploits: 3 | References: 1
CVE
added 2026/01/16 8:39 a.m. | 65 views

CVE-2025-60021

Apache bRPC CVE-2025-60021 is a remote command injection in the heap profiler built-in service (/pprof/heap) affecting all versions

CVSS 9.8 | AI score 7.7 | EPSS 0.26163
In wild | Exploits: 3 | References: 2 | Affected Software: 1
Tenable Nessus
added 2026/01/16 12:0 a.m. | 4 views

MiracleLinux 7 : emacs-24.3-20.el7 (AXSA:2017-2282:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-2282:02 advisory. A command injection flaw within the Emacs enriched mode handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file...

CVSS 8.8 | AI score 8.4 | EPSS 0.04042
Exploits: 1 | References: 2
NVD
added 2026/01/15 4:16 p.m. | 4 views

CVE-2021-47758

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables...

CVSS 8.8 | EPSS 0.00838
Exploits: 1 | References: 4
Positive Technologies
added 2026/01/15 12:0 a.m. | 4 views

PT-2026-5234

Name of the Vulnerable Software and Affected Versions: Totolink A7000R version 4.1cu.4154. Description: A flaw exists in Totolink A7000R version 4.1cu.4154 that allows for command injection. The issue is located in the CloudACMunualUpdateUserdata function within the /cgi-bin/cstecgi.cgi file...

CVSS 8.8 | AI score 6.5 | EPSS 0.0282
Exploits: 1 | References: 13
Tenable Nessus
added 2026/01/15 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-54335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers...

CVSS 9.8 | AI score 5.8 | EPSS 0.04962
Exploits: 1 | References: 2
Positive Technologies
added 2026/01/15 12:0 a.m. | 2 views

PT-2026-3034

Name of the Vulnerable Software and Affected Versions: Chikitsa Patient Management System version 2.0.2. Description: The software contains an authenticated remote code execution issue. Attackers can upload malicious PHP plugins through the module upload functionality. Authenticated attackers can...

CVSS 8.8 | AI score 6.5 | EPSS 0.00838
Exploits: 1 | References: 8
RedhatCVE
added 2026/01/14 11:19 p.m. | 3 views

CVE-2022-50806

4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php...

CVSS 8.6 | AI score 7.8 | EPSS 0.01088
Exploits: 1 | References: 1
CNNVD
added 2026/01/14 12:0 a.m. | 4 views

VMware Spring CLI VSCode Extension security vulnerability

VMware Spring CLI VSCode Extension is a Visual Studio Code add-in from VMware, Inc. A security vulnerability exists in VMware Spring CLI VSCode Extension that originates from command injection and could lead to the execution of commands on a user's machine...

CVSS 6.8 | AI score 7.6 | EPSS 0.00503
Exploits: 0 | References: 1
Tenable Nessus
added 2026/01/14 12:0 a.m. | 5 views

Fortinet FortiSIEM Unauthenticated Remote Command Injection (FG-IR-25-772)

The version of Fortinet FortiSIEM running on the remote server is 6.7.x through 6.7.10, 7.0.x through 7.0.4, 7.1.x prior to 7.1.9, 7.2.x prior to 7.2.7, 7.3.x prior to 7.3.5, or 7.4.0. It is, therefore, affected by an unauthenticated remote command injection vulnerability: - An improper...

CVSS 9.8 | AI score 6.4 | EPSS 0.42649
Exploits: 4 | References: 2
Tenable Nessus
added 2026/01/14 12:0 a.m. | 5 views

MiracleLinux 4 : bind-9.7.3-2.2.0.1.AXS4.P3 (AXSA:2011-406:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-406:01 advisory. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server named, which resolves ho...

CVSS 5 | AI score 6.7 | EPSS 0.24638
Exploits: 2 | References: 3