
1762 matches found

Tenable Nessus
added 2025/08/27 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-16921

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS a...

CVSS 9 | AI score 8.1 | EPSS 0.33869
Exploits 8 | References 2

Tenable Nessus
added 2025/08/20 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-47780

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cer...

CVSS 7.8 | AI score 5.9 | EPSS 0.00454
Exploits 1 | References 2

Veracode
added 2025/08/17 5:49 p.m. | 1 views

Remote Code Execution (RCE)

ms-swift is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper output neutralization for logs because malicious input passed into the train method is concatenated into shell commands, allowing arbitrary command execution...

AI score 8.1
Exploits 0 | References 2 | Affected Software 1

Microsoft KB
added 2025/08/12 7:0 a.m. | 5 views

Description of the security update for SharePoint Server 2019 Language Pack: August 12, 2025 (KB5002770)

Description of the security update for SharePoint Server 2019 Language Pack: August 12, 2025 KB5002770 Summary This security update resolves a Microsoft Word remote code execution vulnerability and Microsoft Word information disclosure vulnerability. To learn more about the vulnerabilities, see t...

CVSS 8.4 | AI score 6.7 | EPSS 0.00646
Exploits 0

Vulnrichment
added 2025/08/08 6:11 p.m. | 2 views

CVE-2012-10046 E-Mail Security Virtual Appliance learn-msg.cgi Command Injection

The E-Mail Security Virtual Appliance ESVA tested on version ESVA2057 contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands...

CVSS 9.3 | AI score 7.8 | EPSS 0.68079
Exploits 0 | References 5

Cvelist
added 2025/08/08 6:11 p.m. | 7 views

CVE-2012-10046 E-Mail Security Virtual Appliance learn-msg.cgi Command Injection

The E-Mail Security Virtual Appliance ESVA tested on version ESVA2057 contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands...

CVSS 9.3 | EPSS 0.68079
Exploits 0 | References 5

Amazon
added 2025/08/08 12:0 a.m. | 3 views

Low: ruby3.2

Issue Overview: Thor before 1.4.0 can construct an unsafe shell command from library input. CVE-2025-54314 Affected Packages: ruby3.2 Issue Correction: Run dnf update ruby3.2 --releasever 2023.8.20250808 or dnf update --advisory ALAS2023-2025-1124 --releasever 2023.8.20250808 to update your syste...

CVSS 2.8 | AI score 7.1 | EPSS 0.00088
Exploits 0

OSV
added 2025/08/05 2:12 p.m. | 5 views

GHSA-VF9J-H32G-2764 mcp-package-docs vulnerable to command injection in several tools

Summary A command injection vulnerability exists in the mcp-package-docs MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code...

CVSS 7.5 | AI score 8.1 | EPSS 0.00708
Exploits 0 | References 11

Vulnrichment
added 2025/08/01 8:39 p.m. | 4 views

CVE-2013-10048 D-Link Devices command.php Unauthenticated RCE

An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 firmware ≤ 2.13 and ≤ 2.14b01, respectively—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker c...

CVSS 9.3 | AI score 7.9 | EPSS 0.73227
Exploits 1 | References 5

Positive Technologies
added 2025/08/01 12:0 a.m. | 3 views

PT-2025-31686 · Raidsonic · Ib-Nas5220 +1

Name of the Vulnerable Software and Affected Versions: Raidsonic NAS devices versions IB-NAS5220 and IB-NAS4220 Description: An OS command injection issue exists due to improper sanitization of user-supplied input. The timeHandler.cgi API endpoint is vulnerable, allowing remote attackers to injec...

CVSS 9.3 | AI score 7.5 | EPSS 0.76016
Exploits 0 | References 7

ATTACKERKB
added 2025/07/31 2:55 p.m. | 0 views

CVE-2013-10039

A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ipcheckhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deploymen...

CVSS 8.7 | AI score 6.1 | EPSS 0.7076
Exploits 0 | References 5

Positive Technologies
added 2025/07/31 12:0 a.m. | 3 views

PT-2025-31537 · Undefined · Undefined

A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deployme...

CVSS 8.7 | AI score 8 | EPSS 0.7076
Exploits 0 | References 5

OSV
added 2025/07/28 7:57 p.m. | 3 views

GO-2025-3786 filebrowser Allows Shell Commands to Spawn Other Commands in github.com/filebrowser/filebrowser

filebrowser Allows Shell Commands to Spawn Other Commands in github.com/filebrowser/filebrowser...

CVSS 8 | AI score 6.1 | EPSS 0.01332
Exploits 1 | References 4

Cvelist
added 2025/07/21 8:18 p.m. | 8 views

CVE-2025-53832 @translated/lara-mcp vulnerable to command injection in import_tmx tool

Lara Translate MCP Server is a Model Context Protocol MCP Server for Lara Translate API. Versions 0.0.11 and below contain a command injection vulnerability which exists in the @translated/lara-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to...

CVSS 7.5 | EPSS 0.00227
Exploits 0 | References 2

CVE
added 2025/07/21 12:0 a.m. | 15 views

CVE-2025-46122

The CVE-2025-46122 vulnerability affects CommScope Ruckus Unleashed: versions prior to 200.15.6.212.14 and 200.17.7.0.139 are affected. The authenticated diagnostics API endpoint /admin/_cmdstat.jsp accepts attacker-controlled input without sufficient validation, allowing a remote attacker to spe...

CVSS 9.1 | AI score 7.3 | EPSS 0.01387
Exploits 1 | References 2 | Affected Software 2

RedhatCVE
added 2025/07/17 1:57 p.m. | 4 views

CVE-2025-34115

An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmdstr' parameter in the commandtest.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web...

CVSS 8.7 | AI score 7.5 | EPSS 0.70724
Exploits 0 | References 1

Positive Technologies
added 2025/07/15 12:0 a.m. | 1 views

PT-2025-29563 · Nexxt Solutions · Ncm-X1800 Mesh Router

Name of the Vulnerable Software and Affected Versions: Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below Description: A command injection issue exists in the web management interface's ping and traceroute functionality of the Nexxt Solutions NCM-X1800 Mesh Router. The application...

CVSS 5.4 | AI score 7.5 | EPSS 0.0107
Exploits 1 | References 5

RedhatCVE
added 2025/07/03 7:25 p.m. | 3 views

CVE-2025-53104

gluestack-ui is a library of copy-pasteable components & patterns crafted with Tailwind CSS NativeWind. Prior to commit e6b4271, a command injection vulnerability was discovered in the discussion-to-slack.yml GitHub Actions workflow. Untrusted discussion fields title, body, etc. were directly...

CVSS 9.1 | AI score 8.4 | EPSS 0.01335
Exploits 0 | References 1

RedhatCVE
added 2025/07/03 3:23 p.m. | 5 views

CVE-2025-34054

An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgiquery. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence wa...

CVSS 10 | AI score 7.8 | EPSS 0.02298
Exploits 0 | References 1

Veracode
added 2025/07/02 4:35 a.m. | 1 views

Unauthorized Command Execution

github.com/filebrowser/filebrowser is vulnerable to unauthorized command execution. The vulnerability is due to improper enforcement of scope restrictions on the Command Execution feature, which allows an attacker to execute arbitrary shell commands outside their assigned scope and gain...

CVSS 8 | AI score 8.4 | EPSS 0.01146
Exploits 1 | References 7 | Affected Software 2