906 matches found
EUVD-2025-22106
Malicious code in bioql PyPI...
EUVD-2022-28070
Malicious code in bioql PyPI...
EUVD-2022-44051
Malicious code in bioql PyPI...
EUVD-2022-5176
Malicious code in bioql PyPI...
EUVD-2024-42541
Malicious code in bioql PyPI...
EUVD-2024-2428
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2023-50445
Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the getsystemlog and...
Linux Distros Unpatched Vulnerability : CVE-2021-3197
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, ...
CVE-2009-20010
Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by the underlying shell without adequate...
Linux Distros Unpatched Vulnerability : CVE-2019-11627
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID. CVE-2019-11627 Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2021-3515
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft ...
CVE-2025-34160
CVE-2025-34160 affects AnyShare via the ServiceAgent API exposed on port 10250. The endpoint "/api/ServiceAgent/start_service" accepts POST input and fails to sanitize command-like payloads, enabling unauthenticated remote code execution (RCE) when an attacker injects shell syntax that is execute...
CLSA-2025-1756317560 emacs: Fix of CVE-2025-1244
CVE-2025-1244: fix man.el shell injection vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2020-15121
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the...
Linux Distros Unpatched Vulnerability : CVE-2017-9274
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific...
CVE-2025-41451
CVE-2025-41451 affects Danfoss AK-SM8xxA Series prior to version 4.3.1. Root cause: improper neutralization of alarm-to-mail configuration fields in an OS shell command, enabling post-authenticated remote code execution on the attacked system. Impact: remote code execution with high severity; att...
PT-2025-34107 · Undefined · Undefined
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstance eval parameter, which is dynamically invoked using Ruby’s send method. Th...
CVE-2010-10013
An unauthenticated remote command execution vulnerability exists in AjaXplorer now known as Pydio Cells versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By...
VulnCheck KEV: CVE-2025-34160
AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/startservice accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is...
CVE-2025-47228
In the Production Environment extension in Netmake ScriptCase through 9.12.006 23, shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests...