71 matches found
GHSA-9G95-QF3F-GGRW n8n has OS Command Injection in Git Node
Impact Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. Patches The issue has been fixed in n8n versions 2.5.0, and 1.123.10. Users should upgrade to this version...
CVE-2015-10145
Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/runcommands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary she...
CVE-2015-10145 Gargoyle 1.5.x Authenticated OS Command Execution via run_commands.sh
Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/runcommands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary she...
CVE-2015-10145
Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/runcommands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary she...
CVE-2015-10145
Gargoyle router management utility versions 1.5.x expose an authenticated OS command execution vulnerability in /utility/run_commands.sh due to improper validation of the commands parameter. An authenticated attacker can execute arbitrary shell commands on the device, potentially leading to full ...
VulnCheck KEV: CVE-2015-10145
Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/runcommands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary she...
CVE-2025-66174
There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands...
PT-2025-52416
There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands...
PT-2025-49812
A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected...
EUVD-2025-201280
DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...
Privilege Escalation
github.com/canonical/lxd is vulnerable to Privilege Escalation. The vulnerability is due to improper authorization in the Operations API, where an attacker with only read permissions can hijack terminal or console WebSocket sessions and execute arbitrary commands...
EUVD-2025-33583
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI...
PT-2025-41180
『allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system』 IBM Security Verify Access and IBM Verify Identity Access products. CVE-2025-36354, CVE-2025-36355, CVE-2025-363546 https://t.co/SJGzwogo72...
Security Updates for Microsoft Excel Products (August 2025)
The Microsoft Excel Products are missing a security update. They are, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2025-53735, CVE-2025-53737,...
Cross-site Scripting (XSS)
Overview fprime-gds is a F Prime Flight Software Ground Data System layer Affected versions of this package are vulnerable to Cross-site Scripting XSS on the Run Commands table. An attacker can execute scripts in the context of the browser by injecting malicious strings as cmdDisp.CMDNOOPSTRING...
emacs: Shell Injection Vulnerability in GNU Emacs via Custom "man" URI Scheme
A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect...
CVE-2024-29848
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM...
PT-2024-38910 · Xcc · Xcc
Name of the Vulnerable Software and Affected Versions: XCC affected versions not specified Description: An input validation weakness was discovered that could allow a valid, authenticated user with elevated privileges to perform command injection or cause a recoverable denial of service using a...
Hamastar MeetingHub Paperless Meetings 安全漏洞
Hamastar MeetingHub Paperless Meetings is a paperless e-meeting software from China-based Hamastar. A security vulnerability exists in Hamastar MeetingHub Paperless Meetings version 2021, which stems from an unrestricted file upload vulnerability that could allow a remote authenticated user to...
CVE-2019-16639
An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker who only has web interface access to use TELNET commands and/or show admin passwords via the modeurl=exec&command= substring. This affects EG-2000SE...