1819 matches found

Cvelist
added 2025/09/04 12:34 a.m. | 10 views

CVE-2025-58358 Markdownify is vulnerable to command injection through pptx-to-markdown tool

Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands...

CVSS 7.5 | EPSS 0.0099
Exploits 0 | References 2

OSV
added 2025/09/04 12:34 a.m. | 4 views

CVE-2025-58358 Markdownify is vulnerable to command injection through pptx-to-markdown tool

Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands...

CVSS 7.5 | AI score 8.6 | EPSS 0.0099
Exploits 0 | References 4

Positive Technologies
added 2025/09/04 12:0 a.m. | 4 views

PT-2025-35862

Name of the Vulnerable Software and Affected Versions: Markdownify versions prior to 0.0.2 Description: Markdownify is a Model Context Protocol server for converting content to Markdown. Versions prior to 0.0.2 contain a command injection issue, caused by the unsanitized use of input parameters...

CVSS 7.5 | AI score 8.3 | EPSS 0.0099
Exploits 0 | References 5

Tenable Nessus
added 2025/09/03 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-12636

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CouchDB administrative users can configure the database server via HTTPS. Some of the configuration options include paths for operating system-level binaries th...

CVSS 9 | AI score 8.1 | EPSS 0.90602
Exploits 15 | References 2

Github Security Blog
added 2025/09/02 5:40 p.m. | 12 views

mcp-markdownify-server vulnerable to command injection in pptx-to-markdown tool

Summary A command injection vulnerability exists in the mcp-markdownify-server MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remot...

CVSS 7.5 | AI score 9.4 | EPSS 0.0099
Exploits 0 | References 4 | Affected Software 1

Github Security Blog
added 2025/09/02 5:31 p.m. | 5 views

Command Injection via sonarqube-scan-action GitHub Action

Impact A command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper sanitization. Arguments sent to the action are treated as shell expressions, allowing potential execution of arbitrary commands. Patches...

CVSS 7.8 | AI score 8 | EPSS 0.01123
Exploits 0 | References 6 | Affected Software 1

OSV
added 2025/09/02 5:31 p.m. | 3 views

GHSA-F79P-9C5R-XG88 Command Injection via sonarqube-scan-action GitHub Action

Impact A command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper sanitization. Arguments sent to the action are treated as shell expressions, allowing potential execution of arbitrary commands. Patches...

CVSS 7.8 | AI score 8 | EPSS 0.01123
Exploits 0 | References 6

Vulnrichment
added 2025/09/02 12:51 a.m. | 3 views

CVE-2025-58178 Command Injection via sonarqube-scan-action GitHub Action

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper...

CVSS 7.8 | AI score 7.6 | EPSS 0.01123
Exploits 0 | References 5

OSV
added 2025/09/02 12:51 a.m. | 5 views

CVE-2025-58178 Command Injection via sonarqube-scan-action GitHub Action

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper...

CVSS 7.8 | AI score 7.8 | EPSS 0.01123
Exploits 0 | References 7

Tenable Nessus
added 2025/08/30 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-16667

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of...

CVSS 9.3 | AI score 7.5 | EPSS 0.01462
Exploits 0 | References 2

Tenable Nessus
added 2025/08/27 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-16921

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS a...

CVSS 9 | AI score 8.1 | EPSS 0.19901
Exploits 8 | References 2

Tenable Nessus
added 2025/08/20 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-47780

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cer...

CVSS 7.8 | AI score 5.7 | EPSS 0.00226
Exploits 1 | References 2

Veracode
added 2025/08/17 5:49 p.m. | 5 views

Remote Code Execution (RCE)

ms-swift is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper output neutralization for logs because malicious input passed into the train method is concatenated into shell commands, allowing arbitrary command execution...

AI score 8.1
Exploits 0 | References 2 | Affected Software 1

Microsoft KB
added 2025/08/12 7:0 a.m. | 7 views

Description of the security update for SharePoint Server 2019 Language Pack: August 12, 2025 (KB5002770)

Description of the security update for SharePoint Server 2019 Language Pack: August 12, 2025 KB5002770 Summary This security update resolves a Microsoft Word remote code execution vulnerability and Microsoft Word information disclosure vulnerability. To learn more about the vulnerabilities, see t...

CVSS 8.4 | AI score 6.7 | EPSS 0.0047
Exploits 0

Cvelist
added 2025/08/08 6:11 p.m. | 9 views

CVE-2012-10046 E-Mail Security Virtual Appliance learn-msg.cgi Command Injection

The E-Mail Security Virtual Appliance ESVA tested on version ESVA2057 contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands...

CVSS 9.3 | EPSS 0.03005
Exploits 0 | References 5

Vulnrichment
added 2025/08/08 6:11 p.m. | 4 views

CVE-2012-10046 E-Mail Security Virtual Appliance learn-msg.cgi Command Injection

The E-Mail Security Virtual Appliance ESVA tested on version ESVA2057 contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands...

CVSS 9.3 | AI score 7.8 | EPSS 0.03005
Exploits 0 | References 5

Amazon
added 2025/08/08 12:0 a.m. | 5 views

Low: ruby3.2

Issue Overview: Thor before 1.4.0 can construct an unsafe shell command from library input. CVE-2025-54314 Affected Packages: ruby3.2 Issue Correction: Run dnf update ruby3.2 --releasever 2023.8.20250808 or dnf update --advisory ALAS2023-2025-1124 --releasever 2023.8.20250808 to update your syste...

CVSS 2.8 | AI score 7.1 | EPSS 0.00149
Exploits 0

OSV
added 2025/08/05 2:12 p.m. | 7 views

GHSA-VF9J-H32G-2764 mcp-package-docs vulnerable to command injection in several tools

Summary A command injection vulnerability exists in the mcp-package-docs MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code...

CVSS 7.5 | AI score 8.1 | EPSS 0.08292
Exploits 0 | References 11

Vulnrichment
added 2025/08/01 8:39 p.m. | 4 views

CVE-2013-10048 D-Link Devices command.php Unauthenticated RCE

An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 firmware ≤ 2.13 and ≤ 2.14b01, respectively—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker c...

CVSS 9.3 | AI score 7.9 | EPSS 0.12099
Exploits 1 | References 5

Positive Technologies
added 2025/08/01 12:0 a.m. | 4 views

PT-2025-31686 · Raidsonic · Ib-Nas5220 +1

Name of the Vulnerable Software and Affected Versions: Raidsonic NAS devices versions IB-NAS5220 and IB-NAS4220 Description: An OS command injection issue exists due to improper sanitization of user-supplied input. The timeHandler.cgi API endpoint is vulnerable, allowing remote attackers to injec...

CVSS 9.3 | AI score 7.5 | EPSS 0.02018
Exploits 0 | References 7