380 matches found
CVE-2025-64756 glob CLI: Command injection via -c/--cmd executes matches with shell:true
Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...
CVE-2025-64756 glob CLI: Command injection via -c/--cmd executes matches with shell:true
Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...
CVE-2025-64756 glob CLI: Command injection via -c/--cmd executes matches with shell:true
Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...
CVE-2025-63916
MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system commands with the privileges of the user...
CVE-2025-60701
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub433188 function in prog.cgi stores user-supplied email configuration parameters EmailFrom, EmailTo, SMTPServerAddress, SMTPServerPort, AccountName in NVRAM v...
Arbitrary Command Injection
Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Arbitrary Command Injection via the backup and restore processes when handling file path input with shell execution enabled. An attacker can execute arbitrary system commands by supplying specially crafted...
CVE-2025-12763
pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input...
CVE-2025-61141
sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...
Command Injection
Overview org.jenkins-ci.plugins:azure-cli is an A Jenkins plugin to use Azure CLI for managing Azure resources. ❗ This is NOT an official Microsoft plugin 🌟 The advantage of this plugin that it let's you export the CLI result from each command to environment variables and to the next command...
EUVD-2025-36658
Jenkins Azure CLI Plugin does not restrict the commands it executes...
CVE-2023-7311
BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the /goform/webRead/open endpoint. The path parameter is not properly validated and is echoed into a shell context, allowing an attacker to inject and execute arbitrary shell commands on the device. Successfu...
Ilevia EVE X1 Server 4.7.18.0.eden (mbus) Unauthenticated Remote Command Injection
Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...
CVE-2023-7311
CVE-2023-7311 affects the BYTEVALUE Intelligent Flow Control Router. A command-injection flaw exists in the /goform/webRead/open endpoint where the unvalidated path parameter is echoed into a shell, enabling arbitrary shell command execution. This can lead to writing backdoors, host privilege esc...
CVE-2023-7311 BYTEVALUE Intelligent Flow Control Router Command Injection
BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the /goform/webRead/open endpoint. The path parameter is not properly validated and is echoed into a shell context, allowing an attacker to inject and execute arbitrary shell commands on the device. Successfu...
PT-2025-42220
BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the /goform/webRead/open endpoint. The path parameter is not properly validated and is echoed into a shell context, allowing an attacker to inject and execute arbitrary shell commands on the device. Successfu...
PT-2025-41471
Name of the Vulnerable Software and Affected Versions Newforma Info Exchange NIX versions prior to 2023.1 Description Newforma Info Exchange NIX contains a flaw in the /UserWeb/Common/UploadBlueimp.ashx API endpoint that allows an authenticated attacker to upload arbitrary files to any location...
EUVD-2018-1006
Malware in sbrugna...
EUVD-2020-26478
Malware in sbrugna...
EUVD-2021-25190
Malware in sbrugna...
EUVD-2017-12006
Malware in sbrugna...