
935 matches found

CVE
added 2025/08/27 9:22 p.m. · 19 views

CVE-2025-34160

CVE-2025-34160 affects AnyShare via the ServiceAgent API exposed on port 10250. The endpoint "/api/ServiceAgent/start_service" accepts POST input and fails to sanitize command-like payloads, enabling unauthenticated remote code execution (RCE) when an attacker injects shell syntax that is execute...

CVSS 10 · AI score 8 · EPSS 0.00759
In wild · Exploits 0 · References 5
OSV
added 2025/08/27 5:59 p.m. · 4 views

CLSA-2025-1756317560 emacs: Fix of CVE-2025-1244

CVE-2025-1244: fix man.el shell injection vulnerability...

CVSS 8.8 · AI score 7.3 · EPSS 0.02679
Exploits 0 · References 1
Tenable Nessus
added 2025/08/27 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-15121

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the...

CVSS 9.6 · AI score 7.8 · EPSS 0.01558
Exploits 0 · References 2
Tenable Nessus
added 2025/08/24 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-9274

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific...

CVSS 9.3 · AI score 7.8 · EPSS 0.02326
Exploits 0 · References 2
CVE
added 2025/08/22 2:40 a.m. · 16 views

CVE-2025-41451

CVE-2025-41451 affects Danfoss AK-SM8xxA Series prior to version 4.3.1. Root cause: improper neutralization of alarm-to-mail configuration fields in an OS shell command, enabling post-authenticated remote code execution on the attacked system. Impact: remote code execution with high severity; att...

CVSS 8.7 · AI score 8.2 · EPSS 0.00932
Exploits 0 · References 1
Positive Technologies
added 2025/08/20 12:0 a.m. · 9 views

PT-2025-34107 · Undefined · Undefined

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstance eval parameter, which is dynamically invoked using Ruby’s send method. Th...

CVSS 9.3 · AI score 8.1 · EPSS 0.02464
Exploits 1 · References 6
RedhatCVE
added 2025/08/10 6:14 p.m. · 20 views

CVE-2010-10013

An unauthenticated remote command execution vulnerability exists in AjaXplorer now known as Pydio Cells versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By...

CVSS 9.3 · AI score 8 · EPSS 0.01076
Exploits 0 · References 1
VulnCheck KEV
added 2025/07/11 12:0 a.m. · 6 views

VulnCheck KEV: CVE-2025-34160

AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/startservice accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is...

CVSS 10 · AI score 6.5 · EPSS 0.00759
In wild · Exploits 0 · References 3
RedhatCVE
added 2025/07/07 12:8 a.m. · 6 views

CVE-2025-47228

In the Production Environment extension in Netmake ScriptCase through 9.12.006 23, shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests...

CVSS 6.7 · AI score 7 · EPSS 0.14441
Exploits 4 · References 1
NVD
added 2025/07/05 3:15 a.m. · 5 views

CVE-2025-47228

In the Production Environment extension in Netmake ScriptCase through 9.12.006 23, shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests...

CVSS 6.7 · EPSS 0.14441
Exploits 4 · References 3
Vulnrichment
added 2025/07/05 12:0 a.m. · 4 views

CVE-2025-47228

In the Production Environment extension in Netmake ScriptCase through 9.12.006 23, shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests...

CVSS 6.7 · AI score 7 · EPSS 0.14441
Exploits 4 · References 3
CVE
added 2025/07/05 12:0 a.m. · 42 views

CVE-2025-47228

CVE-2025-47228 affects Netmake ScriptCase, Production Environment extension, up to version 9.12.006(23). A shell injection flaw exists in the SSH connection settings that, when paired with authenticated access and crafted HTTP requests, allows an attacker to execute system commands on the server....

CVSS 6.7 · AI score 7.1 · EPSS 0.14441
Exploits 4 · References 3
Cvelist
added 2025/07/05 12:0 a.m. · 11 views

CVE-2025-47228

In the Production Environment extension in Netmake ScriptCase through 9.12.006 23, shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests...

CVSS 6.7 · EPSS 0.14441
Exploits 4 · References 3
OSV
added 2025/06/25 4:39 p.m. · 4 views

CVE-2025-52483 Registrator.jl Vulnerable to Argument Injection and Command Injection

Registrator is a GitHub app that automates creation of registration pull requests for julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned by GitHub is malicious or can be injected using upstream vulnerabilities a shell script injection can occur within the...

CVSS 9.3 · AI score 7.1 · EPSS 0.00382
Exploits 0 · References 4
Tenable Nessus
added 2025/06/25 12:0 a.m. · 5 views

GLSA-202506-11 : YAML-LibYAML: Shell injection

The remote host is affected by the vulnerability described in GLSA-202506-11 YAML-LibYAML: Shell injection YAML-LibYAML uses the legacy '2-arg' open call which is susceptible to shell injection via malicious filenames. Tenable has extracted the preceding description block directly from the Gentoo...

CVSS 9.1 · AI score 8.1 · EPSS 0.00368
Exploits 1 · References 3
Tenable Nessus
added 2025/06/25 12:0 a.m. · 5 views

GLSA-202506-10 : File-Find-Rule: Shell Injection

The remote host is affected by the vulnerability described in GLSA-202506-10 File-Find-Rule: Shell Injection File-Find-Rule uses the legacy '2-arg' open call which is susceptible to shell injection via malicious filenames. Tenable has extracted the preceding description block directly from the...

CVSS 8.8 · AI score 7.8 · EPSS 0.00736
Exploits 0 · References 3
Tenable Nessus
added 2025/06/16 12:0 a.m. · 8 views

TencentOS Server 3: maven:3.6 (TSSA-2022:0160)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0160 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 9.8 · AI score 8 · EPSS 0.04031
Exploits 0 · References 2
Gentoo Linux
added 2025/06/12 12:0 a.m. · 8 views

File-Find-Rule: Shell Injection

Background File-Find-Rule is an alternative interface to File::Find. Description File-Find-Rule uses the legacy '2-arg' open call which is susceptible to shell injection via malicious filenames. Impact Shell injection may be used to execute arbitrary code using a malicious filename. Workaround...

CVSS 8.8 · AI score 8.4 · EPSS 0.00736
Exploits 0
Gentoo Linux
added 2025/06/12 12:0 a.m. · 10 views

YAML-LibYAML: Shell injection

Background YAML-LibYAML provides YAML Serialization using XS and libyaml for Perl. Description YAML-LibYAML uses the legacy '2-arg' open call which is susceptible to shell injection via malicious filenames. Impact Shell injection may be used to execute arbitrary code using a malicious filename...

CVSS 9.1 · AI score 8.5 · EPSS 0.00368
Exploits 1
RedhatCVE
added 2025/05/23 9:3 a.m. · 1 views

CVE-2024-39228

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface...

CVSS 9.8 · AI score 5.9 · EPSS 0.00662
Exploits 1 · References 1