CVE-2025-55211
FreePBX is an open-source web-based graphical user interface. In versions from 17.0.19.11 up to, but not including, 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing the language of the framework module. This vulnerability is fixed in 17.0.21...
PT-2025-37763
Name of the Vulnerable Software and Affected Versions: FreePBX versions 17.0.19.11 through 17.0.20 Description: FreePBX is a web-based graphical user interface. Authenticated users of the Administrator Control Panel (ACP) can execute arbitrary shell commands by manipulating the framework module's...
FreePBX OS Command Injection Vulnerability
FreePBX, formerly known as Asterisk Management Portal, is a set of tools from the FreePBX project for configuring the Asterisk IP telephony system through a web-based graphical interface. An operating system command injection vulnerability exists in FreePBX from version 17.0.19.11 through versions prior to...
Linux Distros Unpatched Vulnerability : CVE-2024-28335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the...
Schneider Electric Saitel DR RTU OS Command Injection Vulnerability
The Schneider Electric Saitel DR RTU is a remote terminal unit from Schneider Electric France. The Saitel DR RTU suffers from an operating system command injection vulnerability that stems from improper neutralization of special elements, which could lead to the execution of...
CVE-2025-58358
Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands...
CVE-2025-58358 Markdownify is vulnerable to command injection through pptx-to-markdown tool
Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands...
CVE-2025-58358
CVE-2025-58358 — Markdownify command injection : The Markdownify MCP Server (mcp-markdownify-server) is vulnerable in versions before 0.0.2 due to unsanitized user input used inside child_process.exec, enabling arbitrary shell commands and remote code execution under the server process. The issue...
PT-2025-35862
Name of the Vulnerable Software and Affected Versions: Markdownify versions prior to 0.0.2 Description: Markdownify is a Model Context Protocol server for converting content to Markdown. Versions prior to 0.0.2 contain a command injection issue, caused by the unsanitized use of input parameters...
Linux Distros Unpatched Vulnerability : CVE-2017-12636
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CouchDB administrative users can configure the database server via HTTPS. Some of the configuration options include paths for operating system-level binaries th...
mcp-markdownify-server vulnerable to command injection in pptx-to-markdown tool
Summary A command injection vulnerability exists in the mcp-markdownify-server MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remot...
GHSA-F79P-9C5R-XG88 Command Injection via sonarqube-scan-action GitHub Action
Impact A command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper sanitization. Arguments sent to the action are treated as shell expressions, allowing potential execution of arbitrary commands. Patches...
CVE-2025-58178 Command Injection via sonarqube-scan-action GitHub Action
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper...
Linux Distros Unpatched Vulnerability : CVE-2017-16667
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - backintime, aka Back in Time, before 1.1.24 improperly escaped/quoted file paths used as arguments to the 'notify-send' command, leading to some parts of...