EUVD-2023-58546

Malicious code in bioql PyPI...

EUVD-2021-34675

Malicious code in bioql PyPI...

EUVD-2022-5194

Malicious code in bioql PyPI...

EUVD-2023-24398

Malicious code in bioql PyPI...

EUVD-2025-31493

Malicious code in bioql PyPI...

EUVD-2023-56404

Malicious code in bioql PyPI...

CVE-2025-47212 QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

MeteoBridge template.cgi command injection

Added: 10/03/2025 CVE: CVE-2025-4008 Background MeteoBridge is a device which connects personal weather stations to public weather networks. Problem A command injection vulnerability in the MeteoBridge web interface could allow remote, unauthenticated attackers to execute arbitrary commands by...

CVE-2025-59740

AndSoft e-TMS v25.03 has an OS command injection vulnerability arising from misuse of the m parameter in /clt/LOGINFRM_CAT.ASP. A crafted POST request can lead to execution of operating system commands on the server. Reported across multiple feeds (CNVD/CNNVD/CVELIST-derived notes; PT-SEC) with n...

CVE-2025-59735

CVE-2025-59735 concerns an operating system command injection in AndSoft’s e-TMS v25.03. The vulnerability arises from the misuse of the POST parameter m in the endpoint /clt/LOGINFRM.ASP , allowing an attacker to execute OS commands on the server. Reported in multiple feeds, the issue is describ...

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands

...

PT-2025-40332

Name of the Vulnerable Software and Affected Versions Canonical LXD versions prior to 6.5 Canonical LXD version 5.21 through 5.21.4 Description A privilege escalation issue exists in the operations API of Canonical LXD. An attacker with read permissions can hijack terminal or console sessions and...

AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.

...

CVE-2025-10847

DX Unified Infrastructure Management Nimsoft/UIM and below contains an improper ACL handling vulnerability in the robot controller component. A remote attacker can execute commands, read from, or write to the target system...

CVE-2025-10847

CVE-2025-10847 concerns Broadcom’s DX Unified Infrastructure Management (Nimsoft/UIM) robot/controller ACL handling. Connected sources indicate an improper ACL handling flaw that allows a remote attacker to execute commands and read from or write to the target system via the robot component. The ...

CVE-2025-10847 DX UIM Probe Improper ACL Handling RCE

DX Unified Infrastructure Management Nimsoft/UIM and below contains an improper ACL handling vulnerability in the robot controller component. A remote attacker can execute commands, read from, or write to the target system...

CVE-2025-11138

A vulnerability was found in mirweiye wenkucms up to 3.4. This impacts the function createPathOne of the file app/common/common.php. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used...

Exploit for OS Command Injection in Dell Unity_Operating_Environment

watchTowr-vs-Dell-UnityVSA-CVE-2025-36604 Detection Artifact...

CVE-2025-11073

A vulnerability was detected in Keyfactor RG-EW5100BE EW3.0B11P280EW5100BE-PRO12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. The attack can be...

CVE-2025-11100

A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uciset of the file /goform/setwifiblacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used...