1819 matches found
CVE-2023-53940
Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js childprocess module when the fil...
PT-2025-52319
Name of the Vulnerable Software and Affected Versions Codigo Markdown Editor version 1.0.1 Description The software contains a code execution issue that permits attackers to execute arbitrary system commands by creating a malicious markdown file. An attacker can embed a video source with an onerr...
EUVD-2025-204009
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol MCP configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...
Improper Restriction Of Command Execution
org.jenkins-ci.plugins, azure-cli is vulnerable to improper restriction of command execution. The vulnerability is due to insufficient validation of executed commands, which allows an attacker with Item/Configure permission to execute arbitrary shell commands on the Jenkins controller...
EUVD-2024-55324
dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation...
Fireshare 命令注入漏洞
Fireshare is a media hosting software by the individual developer Shane Israel. A command injection vulnerability exists in Fireshare versions 1.2.30 and earlier, which stems from uploading a video file with the filename spliced directly into a shell command, which could lead to remote code...
CVE-2024-58286
CVE-2024-58286 affects dizqueTV 1.5.3. The flaw allows remote code execution by altering the FFMPEG Executable Path via improper input validation, enabling shell commands to read files (e.g., /etc/passwd). Public details across sources confirm the component and impact but do not provide a confirm...
CVE-2025-12744
A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command docker inspect %s without proper validation. An unprivileged local user can craft a payload that injects shell...
Opto 22 GRV-EPIC and groov RIO
RISK EVALUATION Successful exploitation of this vulnerability could result in the execution of arbitrary shell commands with root privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
Lite XL 安全漏洞
Lite XL is a lightweight text editor from lite-xl open source. A security vulnerability exists in Lite XL 2.1.8 and earlier versions, which stems from a failure to clean up shell command constructs in the system.exec function, which could lead to the execution of arbitrary commands...
CVE-2025-63932
D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction header field. The unauthenticated remote attacker can execute the shell command...
PT-2025-47484
Name of the Vulnerable Software and Affected Versions AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 Description The software contains a command injection issue within the license activation process, specifically in the ''ActivateLicense.php'' file...
CVE-2025-60676
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed...
CVE-2025-60700
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and librcm.so binaries. The sub4455BC function in prog.cgi stores user-supplied SetDMZSettings/IPAddress values in NVRAM via nvramsafeset"dmzipaddr", .... These values are later...
CVE-2025-60697
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvramsafeset. These values are later retrieved in th...
CVE-2025-60701
The CVE-2025-60701 issue affects the D-Link DIR-882 router, specifically firmware DIR882A1_FW102B02. The vulnerability stems from the prog.cgi function sub_433188 and the rc binary’s sub_448FDC, where user-supplied EmailFrom, EmailTo, SMTPServerAddress, SMTPServerPort, and AccountName are stored ...
CVE-2025-60682
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614B20230630 within the cloudupdatecheck binary, specifically in the sub402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell...
CVE-2025-60676
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed...
CVE-2025-64140
Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands...
CVE-2025-64348
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not configured to allow...