1819 matches found

ATTACKERKB
added 2025/07/31 2:55 p.m. · 0 views

CVE-2013-10039

A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ipcheckhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deploymen...

8.7 CVSS · 6.1 AI score · 0.03352 EPSS
Exploits 0 · References 5

Positive Technologies
added 2025/07/31 12:0 a.m. · 4 views

PT-2025-31537 · Undefined · Undefined

A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ipcheckhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deployme...

8.7 CVSS · 8 AI score · 0.03352 EPSS
Exploits 0 · References 5

OSV
added 2025/07/28 7:57 p.m. · 5 views

GO-2025-3786 filebrowser Allows Shell Commands to Spawn Other Commands in github.com/filebrowser/filebrowser

filebrowser Allows Shell Commands to Spawn Other Commands in github.com/filebrowser/filebrowser...

8 CVSS · 6.1 AI score · 0.00906 EPSS
Exploits 1 · References 4

Cvelist
added 2025/07/21 8:18 p.m. · 14 views

CVE-2025-53832 @translated/lara-mcp vulnerable to command injection in import_tmx tool

Lara Translate MCP Server is a Model Context Protocol (MCP) Server for Lara Translate API. Versions 0.0.11 and below contain a command injection vulnerability which exists in the @translated/lara-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to...

7.5 CVSS · 0.07989 EPSS
Exploits 0 · References 2

CVE
added 2025/07/21 12:0 a.m. · 21 views

CVE-2025-46122

The CVE-2025-46122 vulnerability affects CommScope Ruckus Unleashed: versions prior to 200.15.6.212.14 and 200.17.7.0.139 are affected. The authenticated diagnostics API endpoint /admin/_cmdstat.jsp accepts attacker-controlled input without sufficient validation, allowing a remote attacker to spe...

9.1 CVSS · 7.3 AI score · 0.01056 EPSS
Exploits 1 · References 2 · Affected Software 2

RedhatCVE
added 2025/07/17 1:57 p.m. · 6 views

CVE-2025-34115

An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmdstr' parameter in the commandtest.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web...

8.7 CVSS · 7.5 AI score · 0.02321 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/07/15 12:0 a.m. · 3 views

PT-2025-29563 · Nexxt Solutions · Ncm-X1800 Mesh Router

Name of the Vulnerable Software and Affected Versions: Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below
Description: A command injection issue exists in the web management interface's ping and traceroute functionality of the Nexxt Solutions NCM-X1800 Mesh Router. The application...

5.4 CVSS · 7.5 AI score · 0.09033 EPSS
Exploits 1 · References 5

RedhatCVE
added 2025/07/03 7:25 p.m. · 4 views

CVE-2025-53104

gluestack-ui is a library of copy-pasteable components & patterns crafted with Tailwind CSS (NativeWind). Prior to commit e6b4271, a command injection vulnerability was discovered in the discussion-to-slack.yml GitHub Actions workflow. Untrusted discussion fields (title, body, etc.) were directly...

9.1 CVSS · 8.4 AI score · 0.01185 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/07/03 3:23 p.m. · 8 views

CVE-2025-34054

An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgiquery. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence wa...

10 CVSS · 7.8 AI score · 0.01526 EPSS
Exploits 0 · References 1

Veracode
added 2025/07/02 4:35 a.m. · 3 views

Unauthorized Command Execution

github.com/filebrowser/filebrowser is vulnerable to unauthorized command execution. The vulnerability is due to improper enforcement of scope restrictions on the Command Execution feature, which allows an attacker to execute arbitrary shell commands outside their assigned scope and gain...

8 CVSS · 8.4 AI score · 0.00885 EPSS
Exploits 1 · References 9 · Affected Software 2

Cvelist
added 2025/07/01 5:55 p.m. · 12 views

CVE-2025-53107 @cyanheads/git-mcp-server vulnerable to command injection in several tools

@cyanheads/git-mcp-server is an MCP server designed to interact with Git repositories. Prior to version 2.1.5, there is a command injection vulnerability caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands...

7.5 CVSS · 0.19348 EPSS
Exploits 1 · References 3

NVD
added 2025/07/01 3:15 p.m. · 6 views

CVE-2025-34054

An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgiquery. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence wa...

10 CVSS · 0.01526 EPSS
Exploits 0 · References 5

Snyk
added 2025/06/30 8:42 p.m. · 2 views

Arbitrary Command Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Command Injection via the erroneous implementation of the allowlist process. An attacker can gain unauthorized access to execute arbitrary shell commands by bypassing configured restrictions. This may result in exposure or...

9.3 CVSS · 7.9 AI score · 0.00513 EPSS
Exploits 1 · References 2

Snyk
added 2025/06/30 8:42 p.m. · 3 views

Arbitrary Command Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Command Injection via the erroneous implementation of the allowlist process. An attacker can gain unauthorized access to execute arbitrary shell commands by bypassing configured restrictions. This may result in exposure or...

9.3 CVSS · 8.1 AI score · 0.00513 EPSS
Exploits 1 · References 2

Snyk
added 2025/06/30 8:42 p.m. · 2 views

Arbitrary Command Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Command Injection via the erroneous implementation of the allowlist process. An attacker can gain unauthorized access to execute arbitrary shell commands by bypassing configured restrictions. This may result in exposure or...

9.3 CVSS · 8.1 AI score · 0.00513 EPSS
Exploits 1 · References 2

Positive Technologies
added 2025/06/30 12:0 a.m. · 3 views

PT-2025-27498 · Unknown · Git-Mcp-Server

Name of the Vulnerable Software and Affected Versions: git-mcp-server versions prior to 2.1.5
Description: A command injection vulnerability exists in the git-mcp-server MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.exec, enablin...

7.5 CVSS · 7.8 AI score · 0.19348 EPSS
Exploits 1 · References 10

Positive Technologies
added 2025/06/26 12:0 a.m. · 4 views

PT-2025-27006

Name of the Vulnerable Software and Affected Versions: File Browser version 2.32.0
Description: The issue concerns the Command Execution feature in File Browser, which allows the execution of shell commands predefined on a user-specific allowlist. However, many tools can execute arbitrary command...

8 CVSS · 6.5 AI score · 0.00906 EPSS
Exploits 1 · References 74

CVE
added 2025/06/24 1:0 a.m. · 46 views

CVE-2025-34035

Summary: CVE-2025-34035 affects EnGenius EnShare Cloud Service

10 CVSS · 7.5 AI score · 0.12334 EPSS
Exploits 2 · References 5 · Affected Software 1

VulnCheck KEV
added 2025/06/23 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2025-34035

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected...

10 CVSS · 5.9 AI score · 0.12334 EPSS
Exploits 2 · References 1

Vulnrichment
added 2025/06/23 12:0 a.m. · 3 views

CVE-2025-52969

...

6.3 AI score
Exploits 1