1801 matches found
EUVD-2025-9739
Malicious code in bioql PyPI...
EUVD-2023-30292
Malicious code in bioql PyPI...
EUVD-2021-29348
Malicious code in bioql PyPI...
EUVD-2025-13911
Malicious code in bioql PyPI...
EUVD-2024-0536
Malicious code in bioql PyPI...
EUVD-2022-52946
Malicious code in bioql PyPI...
EUVD-2023-31711
Malicious code in bioql PyPI...
EUVD-2024-2640
Malicious code in bioql PyPI...
Command Injection
Overview adb-mcp is a MCP server for Android Debug Bridge ADB interactions in TypeScript Affected versions of this package are vulnerable to Command Injection via the executeAdbCommand function. An attacker can execute arbitrary system commands by supplying specially crafted input to the device...
Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9.
Summary Multiple vulnerabilities have been remediated in components used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang...
MCIR
The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. It is a collection of tools designed to demonstrate various types of code injection vulnerabilities, including SQL injection, XML/XPath/XSL injection, Cross-Site Scripting XSS, and shell...
CVE-2025-55211 FreePBX Post-Authenticated Command Injection
FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel ACP can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21...
CVE-2025-57633
A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftpfile parameter and executes it using os.system without sanitization ...
Linux Distros Unpatched Vulnerability : CVE-2008-7319
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments e.g., invalid hostnames containing shell metacharacters before use ...
Linux Distros Unpatched Vulnerability : CVE-2019-8427
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters. CVE-2019-8427 Note that Nessus relies on...
CVE-2025-55583
Affected product: D-Link DIR-868L B1 router with firmware FW2.05WWB02. Vulnerability: unauthenticated OS command injection in fileaccess.cgi; endpoint /dws/api/UploadFile passes pre_api_arg directly to system-level shell without sanitization/authentication. Impact: remote command execution as roo...
CVE-2025-30056 Calling system commands via RunCommand
The RunCommand function accepts any parameter, which is then passed for execution in the shell. This allows an attacker to execute arbitrary code on the system...
CVE-2025-30056 Calling system commands via RunCommand
The RunCommand function accepts any parameter, which is then passed for execution in the shell. This allows an attacker to execute arbitrary code on the system...
CVE-2025-50974
The Calamaris log exporter CGI /cgi-bin/logs.cgi/calamaris.dat in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell metacharacters in any of...
CVE-2025-50974
The Calamaris log exporter CGI /cgi-bin/logs.cgi/calamaris.dat in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell metacharacters in any of...