725 matches found

Tenable Nessus
added 2025/07/25 12:0 a.m. | 2 views

NewStart CGSL MAIN 7.02 : patch Multiple Vulnerabilities (NS-SA-2025-0205)

The remote NewStart CGSL host, running version MAIN 7.02, has patch packages installed that are affected by multiple vulnerabilities: - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload...

CVSS 9.3 | AI score 6.8 | EPSS 0.46115
Exploits: 0 | References: 9

VulnCheck KEV
added 2025/07/14 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2025-34068

An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are...

CVSS 9.3 | AI score 6.2 | EPSS 0.03372
In wild | Exploits: 0 | References: 64

OSV
added 2025/07/08 8:47 p.m. | 3 views

GHSA-GJV4-GHM7-Q58Q MCP Server Kubernetes vulnerable to command injection in several tools

Summary: A command injection vulnerability exists in the mcp-server-kubernetes MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to...

CVSS 7.5 | AI score 8.4 | EPSS 0.00708
Exploits: 0 | References: 7

GithubExploit
added 2025/06/27 9:7 p.m. | 147 views

Exploit for Injection in Cisco Identity_Services_Engine

CVE-2025-20281-2-Cisco-ISE-RCE Unauthenticated Python PoC for...

CVSS 10 | AI score 7.2 | EPSS 0.34167
Exploits: 10

RedhatCVE
added 2025/05/23 10:40 a.m. | 6 views

CVE-2024-40089

A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device...

CVSS 9.1 | AI score 8.2 | EPSS 0.04835
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 10:35 a.m. | 6 views

CVE-2024-47219

An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection...

CVSS 9.8 | AI score 7 | EPSS 0.00944
Exploits: 0

RedhatCVE
added 2025/05/23 5:38 a.m. | 4 views

CVE-2023-26490

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to...

CVSS 8.8 | AI score 7.9 | EPSS 0.12964
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 6:48 p.m. | 6 views

CVE-2021-42372

A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...

CVSS 9 | AI score 8.3 | EPSS 0.23026
Exploits: 1

RedhatCVE
added 2025/05/22 10:25 a.m. | 3 views

CVE-2019-10780

BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open...

CVSS 10 | AI score 7.4 | EPSS 0.02842
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 9:44 a.m. | 4 views

CVE-2019-13624

In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command...

CVSS 10 | AI score 6.9 | EPSS 0.00428
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 2:55 a.m. | 4 views

CVE-2017-9828

'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera...

CVSS 10 | AI score 7.5 | EPSS 0.58307
Exploits: 1 | References: 1

NVD
added 2025/05/07 6:15 p.m. | 14 views

CVE-2025-32821

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges to inject shell command arguments to upload a file on the appliance...

CVSS 7.2 | EPSS 0.00564
Exploits: 0 | References: 1

Vulnrichment
added 2025/05/07 5:22 p.m. | 8 views

CVE-2025-32821

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges to inject shell command arguments to upload a file on the appliance...

AI score 7.2 | EPSS 0.00564
Exploits: 0 | References: 1

CVE
added 2025/05/07 5:22 p.m. | 64 views

CVE-2025-32821

CVE-2025-32821 (SonicWall SMA100) is a post-authentication command-injection/file-write vulnerability in the SMA100 SSL-VPN. An admin user can inject shell arguments to write a file anywhere the nobody user can write to, potentially enabling root-level remote code execution when chained with CVE-...

CVSS 7.2 | AI score 7.7 | EPSS 0.00564
Exploits: 0 | References: 1 | Affected Software: 1

ICS
added 2025/05/06 6:0 a.m. | 8 views

Milesight UG65-868M-EA

RISK EVALUATION Successful exploitation of this vulnerability could allow any user with admin privileges to inject arbitrary shell commands. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Ensure that...

CVSS 6.8 | AI score 7 | EPSS 0.00189
Exploits: 0 | References: 10

Tenable Nessus
added 2025/03/04 12:0 a.m. | 13 views

Linux Distros Unpatched Vulnerability : CVE-2015-20107

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow...

CVSS 8 | AI score 7.2 | EPSS 0.0087
Exploits: 1 | References: 2

OSV
added 2025/02/19 4:9 p.m. | 5 views

SUSE-SU-2025:0599-1 Security update for emacs

This update for emacs fixes the following issues: - CVE-2025-1244: improper handling of custom 'man' URI schemes allow for shell command injections. bsc1237091...

CVSS 8.8 | AI score 9.1 | EPSS 0.01295
Exploits: 0 | References: 3

OSV
added 2025/02/19 10:31 a.m. | 5 views

SUSE-SU-2025:0589-1 Security update for emacs

This update for emacs fixes the following issues: - CVE-2025-1244: improper handling of custom 'man' URI schemes allow for shell command injections. bsc1237091...

CVSS 8.8 | AI score 9.1 | EPSS 0.01295
Exploits: 0 | References: 3

SUSE Linux
added 2025/02/18 9:36 a.m. | 1 views

Security update for emacs

This update for emacs fixes the following issues: CVE-2025-1244: improper handling of custom "man" URI schemes allow for shell command injections. bsc1237091 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

CVSS 7.8 | AI score 7.4 | EPSS 0.01295
Exploits: 0 | References: 4

OSV
added 2025/02/18 9:36 a.m. | 6 views

SUSE-SU-2025:0574-1 Security update for emacs

This update for emacs fixes the following issues: - CVE-2025-1244: improper handling of custom 'man' URI schemes allow for shell command injections. bsc1237091...

CVSS 8.8 | AI score 9.1 | EPSS 0.01295
Exploits: 0 | References: 3