385 matches found
PT-2025-41471
Name of the Vulnerable Software and Affected Versions: Newforma Info Exchange NIX versions prior to 2023.1. Description: Newforma Info Exchange NIX contains a flaw in the /UserWeb/Common/UploadBlueimp.ashx API endpoint that allows an authenticated attacker to upload arbitrary files to any location...
EUVD-2018-1006
Malware in sbrugna...
EUVD-2020-26478
Malware in sbrugna...
EUVD-2021-25190
Malware in sbrugna...
EUVD-2017-12006
Malware in sbrugna...
EUVD-2012-6587
Malware in sbrugna...
EUVD-2025-23537
Malicious code in bioql PyPI...
EUVD-2024-54950
Malicious code in bioql PyPI...
EUVD-2025-25196
Malicious code in bioql PyPI...
EUVD-2022-6740
Malicious code in bioql PyPI...
CVE-2009-20010
Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by the underlying shell without adequate...
CVE-2025-30056
The RunCommand function accepts any parameter, which is then passed for execution in the shell. This allows an attacker to execute arbitrary code on the system...
CVE-2025-30056
Technical details about CVE-2025-30056 are not provided in the connected documents. Monitor for updates to identify affected products, root cause, impact, and remediation.
CGM CLININET Code Injection Vulnerability
CGM CLININET is a hospital information management system from the German company CGM. CGM CLININET suffers from a code injection vulnerability that originates when the RunCommand function accepts arbitrary parameters and passes them to the shell for execution, which could lead to the execution of...
CVE-2025-55294 Command Injection via `format` option in screenshot-desktop
screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary...
CVE-2012-10041
WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shell_exec with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a SUID-root binary name...
CVE-2012-10041 WAN Emulator v2.3 Command Execution
WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shell_exec with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a SUID-root binary name...
CVE-2012-10046
The CVE-2012-10046 entry concerns the E-Mail Security Virtual Appliance (ESVA), tested on ESVA_2057, which contains an unauthenticated command-injection in the learn-msg.cgi CGI handler. The vulnerability stems from inadequate sanitization of user input in the id parameter, allowing arbitrary she...
CVE-2025-4604
CVE-2025-4604 affects Liferay Portal 7.4.3.80 through 7.4.3.132 and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92. The vulnerability allows bypassi...