19611 matches found
CVE-2025-9149
A vulnerability was determined in Wavlink WL-NU516U1 M16U1V240425. This impacts the function sub4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guestssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...
CVE-2025-24285
Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite. Affected Products: UniFi Connect EV Station Lite Version 1.5.1 and earlier Mitigation: Update UniFi...
Linux Distros Unpatched Vulnerability : CVE-2009-4488
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly...
ROS-20250821-03
EMACS text editor vulnerability exists due to failure to take measures to neutralize special elements. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...
CVE-2025-9262
A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity...
CVE-2025-9262 wong2 mcp-cli oAuth provider.js redirectToAuthorization os command injection
A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity...
CVE-2025-9244
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation of the argument...
CVE-2025-9244
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation of the argument...
CVE-2025-9244
The CVE-2025-9244 entry describes a remote OS command injection in Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 devices. Affected component: the addStaticRoute function in /goform/addStaticRoute. Exploitable by manipulating arguments staticRoute_IP_setting, staticRoute_Netmask_setting, stati...
Spree Commerce is vulnerable to RCE through Search API
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...
GHSA-X485-RHG3-CQR4 Spree Commerce is vulnerable to RCE through Search API
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...
CVE-2011-10028
The RealNetworks RealArcade platform includes an ActiveX control InstallerDlg.dll, version 2.6.0.445 that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation...
CVE-2010-20103
A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows...
CVE-2011-10026
The CVE-2011-10026 issue affects Spreecommerce versions prior to 0.50.x, where the API search endpoint is vulnerable to remote command execution. The root cause is improper input sanitation that allows injection of arbitrary shell commands via the search[instance_eval] parameter, which is dynamic...
CVE-2011-10026 Spreecommerce < 0.50.x API RCE
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...
CVE-2011-10028
CVE-2011-10028 affects RealArcade/RealNetworks RealArcade platform via an ActiveX control (InstallerDlg.dll, 2.6.0.445) exposing Exec through StubbyUtil.ProcessMgr COM. The method allows remote attackers to execute arbitrary commands on a Windows machine without proper validation or restrictions....
CVE-2011-10028
The RealNetworks RealArcade platform includes an ActiveX control InstallerDlg.dll, version 2.6.0.445 that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation...
CVE-2010-20103 ProFTPD 1.3.3c Backdoor Command Execution
A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows...
PT-2025-33901 · Commvault · Commvault
Name of the Vulnerable Software and Affected Versions: Commvault versions prior to 11.36.60 Description: A security issue exists in Commvault that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful...
PT-2025-34107 · Undefined · Undefined
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstance eval parameter, which is dynamically invoked using Ruby’s send method. Th...