MiracleLinux 8 : sssd-2.4.0-9.el8.2 (AXSA:2021-2364:07)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2364:07 advisory. sssd: shell command injection in sssctl CVE-2021-3621 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

HPE AOS 安全漏洞

HPE AOS is an operating system from HPE, USA. A security vulnerability exists in HPE AOS that stems from a packet header that can be injected with shell commands, which could lead to the execution of arbitrary commands...

CVE-2018-18753

Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF...

CVE-2025-6225

Kieback Neutrino-GLT product is used for building management. It's web component "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02...

Kieback&Peter Neutrino-GLT 操作系统命令注入漏洞

Kieback&Peter Neutrino-GLT is a building management system from Kieback&Peter, Germany. Kieback&Peter Neutrino-GLT suffers from an operating system command injection vulnerability that stems from a shell command injection in the web component SM70 PHWEB login form, which could lead to the executi...

Exploit for CVE-2025-14558

CVE-2025-14558 FreeBSD rtsold DNSSL Command Injection RCE...

FreeBSD Security Advisory - FreeBSD-SA-25:12.rtsold

FreeBSD Security Advisory - The rtsol8 and rtsold8 programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell script which does not validate its input. A lack of quoting meant that...

Linux Distros Unpatched Vulnerability : CVE-2025-12744

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the ABRT daemon's handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them direct...

CVE-2025-66404

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the execinpod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string...

CVE-2025-66404 mcp-server-kubernetes potential security issue in exec_in_pod tool

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the execinpod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string...

EUVD-2025-200735

A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command docker inspect %s without proper validation. An unprivileged local user can craft a payload that injects shell...

CVE-2025-11786 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf' without any sanitisation or validation, and then executed using 'system'. This allows a...

EUVD-2025-199825

Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to a shell command injection attacks. In order to exploit this vulnerability, an attacker has to log in to the router's administrative portal, which by default is reachable only via LAN ports...

CVE-2025-8890 Authenticated RCE in SDMC NE6037 router

Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to a shell command injection attacks. In order to exploit this vulnerability, an attacker has to log in to the router's administrative portal, which by default is reachable only via LAN ports...

CVE-2025-8890 Authenticated RCE in SDMC NE6037 router

Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to a shell command injection attacks. In order to exploit this vulnerability, an attacker has to log in to the router's administrative portal, which by default is reachable only via LAN ports...

Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements used in a Command (CVE-2015-20107)

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

CVE-2013-10073

CVE-2013-10073 affects Nagios XI versions prior to 2012R1.6. The Auto-Discovery tool accepts user-controlled input that is passed to a shell without adequate sanitation or argument quoting, enabling an authenticated user with discovery access to execute arbitrary commands with the privileges of t...

CVE-2013-10073 Nagios XI < 2012R1.6 Auto-Discovery Shell Command Injection

Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitation or argument quoting, allowing an authenticated user with access to discovery functionality to execute arbitrary...

CVE-2013-10073 Nagios XI < 2012R1.6 Auto-Discovery Shell Command Injection

Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitation or argument quoting, allowing an authenticated user with access to discovery functionality to execute arbitrary...

PT-2025-44535

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2012R1.6 Description Nagios XI versions prior to 2012R1.6 contain a shell command injection issue in the Auto-Discovery tool. User-controlled input is passed to a shell without proper sanitization or argument quotin...