
308 matches found

RedhatCVE
added 2025/05/22 6:22 p.m. · 3 views

CVE-2021-23154

In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system...

CVSS 9.3 · AI score 7.2 · EPSS 0.00153
Exploits 0 · References 1
NVD
added 2025/05/22 5:15 p.m. · 11 views

CVE-2025-47780

Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface CLI by configuring...

CVSS 7.8 · EPSS 0.00454
Exploits 1 · References 2
RedhatCVE
added 2025/05/22 8:26 a.m. · 1 view

CVE-2019-20773

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. Unprivileged applications can execute shell commands via the connectivity service. The LG ID is LVE-SMP-190008 August 2019...

CVSS 7.8 · AI score 7.5 · EPSS 0.00014
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 8:05 a.m. · 3 views

CVE-2019-13386

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege...

CVSS 8.8 · AI score 7.1 · EPSS 0.02154
Exploits 3 · References 1
RedhatCVE
added 2025/05/21 8:25 p.m. · 4 views

CVE-2002-1868

Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields...

CVSS 10 · AI score 8.1 · EPSS 0.12886
Exploits 1 · References 1
Debian
added 2025/05/17 8:28 p.m. · 11 views

[SECURITY] [DLA 4169-1] dropbear security update

Debian LTS Advisory DLA-4169-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin May 17, 2025 https://wiki.debian.org/LTS Package : dropbear Version : 2020.81-3+deb11u3 CVE ID : CVE-2025-47203 Marcin Nowak discovered that dbclient1 hostname arguments with a comma for...

CVSS 4.5 · AI score 5.7 · EPSS 0.00195
Exploits 0
Cvelist
added 2025/04/03 10:00 p.m. · 10 views

CVE-2025-30370 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"

jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If...

CVSS 7.4 · EPSS 0.00107
Exploits 0 · References 4
Tenable Nessus
added 2025/03/19 12:00 a.m. · 10 views

Amazon Linux AMI : emacs (ALAS-2025-1964)

The version of emacs installed on the remote host is prior to 24.3-20.26. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1964 advisory. A flaw was found in the Emacs text editor. Improper handling of custom man URI schemes allows attackers to execute arbitrary shell...

CVSS 8.8 · AI score 8.1 · EPSS 0.01295
Exploits 0 · References 4
Tenable Nessus
added 2025/03/11 12:00 a.m. · 8 views

FreeBSD : vim -- Improper Input Validation in Vim (2ec7816d-fdb7-11ef-91ff-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2ec7816d-fdb7-11ef-91ff-b42e991fc52e advisory. [email protected] reports: Vim is distributed with the tar.vim plugin, that allows easy...

CVSS 7.1 · AI score 6.1 · EPSS 0.02083
Exploits 0 · References 3
Tenable Nessus
added 2025/03/11 12:00 a.m. · 24 views

CBL Mariner 2.0 Security Update: vim (CVE-2025-27423)

The version of vim installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27423 advisory. - Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy...

CVSS 7.1 · AI score 6.2 · EPSS 0.02083
Exploits 0 · References 2
Tenable Nessus
added 2025/03/06 12:00 a.m. · 10 views

Linux Distros Unpatched Vulnerability : CVE-2025-27423

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of compressed or uncompressed...

CVSS 7.1 · AI score 7.5 · EPSS 0.02083
Exploits 0 · References 1
Amazon
added 2025/03/06 12:00 a.m. · 7 views

Important: emacs

Issue Overview: A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. CVE-2025-1244 Affected Packages: emacs Issue...

CVSS 8.8 · AI score 7.8 · EPSS 0.01295
Exploits 0
OSV
added 2025/03/03 5:15 p.m. · 1 view

AZL-57735 CVE-2025-27423 affecting package vim for versions less than 9.1.1164-1

Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of compressed or uncompressed tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the i...

CVSS 7.1 · AI score 7.4 · EPSS 0.02083
Exploits 0 · References 1
OSV
added 2025/03/03 5:15 p.m. · 0 views

UBUNTU-CVE-2025-27423

Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of compressed or uncompressed tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the i...

CVSS 7.1 · AI score 6.3 · EPSS 0.02083
Exploits 0 · References 5
AlpineLinux
added 2025/03/03 4:30 p.m. · 16 views

CVE-2025-27423

Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of compressed or uncompressed tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the i...

CVSS 7.1 · AI score 7.6 · EPSS 0.02083
Exploits 0 · References 4
Cvelist
added 2025/03/03 4:30 p.m. · 11 views

CVE-2025-27423 Improper Input Validation in Vim

Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of compressed or uncompressed tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the i...

CVSS 7.1 · EPSS 0.02083
Exploits 0 · References 3
FreeBSD
added 2025/03/03 12:00 a.m. · 9 views

vim -- Improper Input Validation in Vim

[email protected] reports: Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of compressed or uncompressed tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not...

CVSS 7.1 · AI score 7.4 · EPSS 0.02083
Exploits 0 · References 1
Positive Technologies
added 2025/03/02 12:00 a.m. · 2 views

PT-2025-9524 · Vim +3 · Vim +3

Name of the Vulnerable Software and Affected Versions: Vim versions 9.1.0858 through 9.1.1163 Description: Vim is an open source, command line text editor that is distributed with the tar.vim plugin. This plugin allows easy editing and viewing of compressed or uncompressed tar files. However,...

CVSS 7.1 · AI score 5 · EPSS 0.02083
Exploits 0 · References 52
CNVD
added 2025/02/17 12:00 a.m. · 6 views

GNU Emacs OS Command Injection Vulnerability

GNU Emacs is a family of text editors in the American GNU community. GNU Emacs suffers from an operating system command injection vulnerability that stems from mishandling of the custom "man" URI scheme, which can be exploited to execute arbitrary shell commands...

CVSS 8.8 · AI score 7.7 · EPSS 0.01295
Exploits 0 · References 1
Ubuntu
added 2025/02/14 10:36 a.m. · 17 views

USN-7268-1: Apache ActiveMQ vulnerabilities

It was discovered that Apache ActiveMQ incorrectly handled authentication. A remote attacker could possibly use this issue to run arbitrary code. CVE-2022-41678 It was discovered that Apache ActiveMQ incorrectly handled deserialization. A remote attacker could possibly use this issue to run...

CVSS 10 · AI score 7.7 · EPSS 0.94436
Exploits 32