
1801 matches found

RedhatCVE • added 2025/02/05 11:15 p.m. • 18 views

CVE-2022-32534

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface. This allows execution of shell commands...

CVSS: 10, AI score: 7.5, EPSS: 0.02291
Exploits: 0, References: 1

RedhatCVE • added 2025/02/05 5:23 a.m. • 6 views

CVE-2024-1881

AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command 'OS Command Injection' due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not...

CVSS: 9.8, AI score: 9.8, EPSS: 0.01427
Exploits: 0, References: 1

RedhatCVE • added 2025/02/05 2:33 a.m. • 7 views

CVE-2024-42360

SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been...

CVSS: 9.8, AI score: 6.7, EPSS: 0.00584
Exploits: 0, References: 1

RedhatCVE • added 2025/02/05 2:31 a.m. • 5 views

CVE-2024-42502

An authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to inject shell commands on the underlying operating system...

CVSS: 7.2, AI score: 7.5, EPSS: 0.01735
Exploits: 0, References: 1

CVE • added 2025/01/27 12:0 a.m. • 59 views

CVE-2024-48419

The CVE-2024-48419 entry concerns the Edimax BR-6476AC router (version 1.06) with a Command Injection vulnerability in /bin/goahead. The issue can be triggered via /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd, allowing an attacker with web interface access to...

CVSS: 8.8, AI score: 8.1, EPSS: 0.02155
Exploits: 1, References: 2, Affected Software: 1

Positive Technologies • added 2025/01/17 12:0 a.m. • 5 views

PT-2025-2192 · Newtec · Newtec/Idirect Ntc2299 +2

Name of the Vulnerable Software and Affected Versions: Newtec/iDirect NTC2218, NTC2250, NTC2299 versions 1.0.1.1 through 2.2.6.19 Description: The issue affects the commit multicast page in the modem's web administration interface, which improperly parses incoming data from the request before...

CVSS: 9.3, AI score: 6.8, EPSS: 0.00624
Exploits: 0, References: 7

GithubExploit • added 2025/01/01 6:25 p.m. • 163 views

Exploit for CVE-2024-42327

Zabbix-CVE-2024-42327 RCE PoC...

CVSS: 9.9, AI score: 8.5, EPSS: 0.78831
Exploits: 13

GithubExploit • added 2024/12/19 3:50 p.m. • 394 views

Exploit for Cross-site Scripting in Melapress Wp_Activity_Log

CVE-2024-10793 PoC Set these lines in your hosts file:...

CVSS: 7.2, AI score: 9.4, EPSS: 0.01293
Exploits: 1

Zero Science Lab • added 2024/12/06 12:0 a.m. • 380 views

ABB Cylon Aspect 3.08.01 (servicesUpdate.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated blind OS...

CVSS: 10, AI score: 7.6, EPSS: 0.02846
Exploits: 10

Vulnrichment • added 2024/12/02 5:3 p.m. • 8 views

CVE-2024-53992 unzip-bot Allows Remote Code Execution (RCE) via archive extraction, password prompt, or video upload

unzip-bot is a Telegram bot to extract various types of archives. Users could exploit unsanitized inputs to inject malicious commands that are executed through subprocess.Popen with shell=True. Attackers can exploit this vulnerability using a crafted archive name, password, or video name. This...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00442
Exploits: 0, References: 2

Vulnrichment • added 2024/11/14 5:37 p.m. • 14 views

CVE-2024-49362 Remote Code Execution on click of <a> Link in markdown preview

Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This...

CVSS: 7.7, AI score: 7.9, EPSS: 0.01037
Exploits: 1, References: 1

CNNVD • added 2024/11/14 12:0 a.m. • 2 views

Joplin code injection vulnerability

Joplin is an open source note-taking and to-do list application from the individual developer Laurent Cozic. A code injection vulnerability exists in Joplin version 3.0, which stems from improper cleanup of tag attributes that can execute untrusted HTML content within an Electron window, resultin...

CVSS: 9.6, AI score: 7.7, EPSS: 0.01037
Exploits: 1, References: 2

Packet Storm • added 2024/10/15 12:0 a.m. • 423 views

ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Command Execution

ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management and...

AI score: 7.4
Exploits: 0

Tenable Nessus • added 2024/10/09 12:0 a.m. • 30 views

EulerOS 2.0 SP11 : emacs (EulerOS-SA-2024-2552)

According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Emacs before 29.3, Gnus treats inline MIME contents as trusted.CVE-2024-30203 In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands ...

CVSS: 9.8, AI score: 6.9, EPSS: 0.01323
Exploits: 0, References: 3

OSV • added 2024/09/22 1:15 a.m. • 13 views

CVE-2024-47219

An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection...

CVSS: 9.8, AI score: 7.4
Exploits: 0, References: 2

NVD • added 2024/09/22 1:15 a.m. • 13 views

CVE-2024-47219

An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection...

CVSS: 9.8, EPSS: 0.01168
Exploits: 0, References: 2

CNNVD • added 2024/09/22 12:0 a.m. • 3 views

NebulaGraph security vulnerability

NebulaGraph is a popular open source graphics database open sourced by vesoft. A security vulnerability exists in NebulaGraph version 3.8.0 that stems from allowing shell command injection...

CVSS: 9.8, AI score: 7, EPSS: 0.01168
Exploits: 0, References: 3

Cvelist • added 2024/09/21 12:0 a.m. • 19 views

CVE-2024-47219

An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection...

EPSS: 0.01168
Exploits: 0, References: 2

Positive Technologies • added 2024/09/21 12:0 a.m. • 4 views

PT-2024-32482 · Vesoft · Vesoft Nebulagraph

Name of the Vulnerable Software and Affected Versions: vesoft NebulaGraph versions through 3.8.0 Description: An issue was discovered in vesoft NebulaGraph that allows shell command injection. Recommendations: For versions through 3.8.0, update to a version later than 3.8.0 to resolve the issue. ...

CVSS: 9.8, AI score: 7.4, EPSS: 0.01168
Exploits: 0, References: 9

Vulnrichment • added 2024/09/21 12:0 a.m. • 11 views

CVE-2024-47219

An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection...

AI score: 7.4, EPSS: 0.01168
Exploits: 0, References: 2