327 matches found
CVE-2025-59377
Summary: CVE-2025-59377 affects feiskyer/mcp-kubernetes-server up to version 0.1.11. The vulnerability is an OS command injection in the /mcp/kubectl path caused by using shell=True when constructing shell commands, enabling injection through provided input. This can lead to remote code execution...
CVE-2025-50753
Mitrastar GPT-2741GNAC-N2 devices are provided with access through SSH into a restricted default shell. The command "deviceinfo show file" is supposed to be used from restricted shell to show files and directories. By providing " /bin/sh" quotes included to the argument of this command will drop a...
Kapsch TrafficCom RIS-9260 RSU LEO and Kapsch TrafficCom RIS-9160 Security Vulnerability
The Kapsch TrafficCom RIS-9260 RSU LEO and the Kapsch TrafficCom RIS-9160 are both road measurement units from Kapsch TrafficCom, Austria, with functions of communication and co-management of the vehicle network in intelligent transportation. A security vulnerability exists in the Kapsch...
Linux Distros Unpatched Vulnerability : CVE-2018-7749
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customiz...
Linux Distros Unpatched Vulnerability : CVE-2008-3234
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by...
CVE-2012-10060
Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in the SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input to a fixed-size stack buffer without proper bounds checking. This allows remote code...
org.apache.zeppelin:zeppelin-flink-cmd (>=0.10.0 <=0.11.2), org.apache.zeppelin:zeppelin-spark-submit (>=0.10.0 <=0.11.2) +1 more potentially affected by CVE-2024-51775 via org.apache.zeppelin:zeppelin-shell (>=0.10.0 <=0.11.2)
org.apache.zeppelin:zeppelin-shell MAVEN version =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.11.2 Source cves: CVE-2024-51775 Source advisory: SNYK:JAVA-ORGAPACHEZEPPELIN-11444035...
CVE-2025-54443
Samsung Electronics MagicINFO 9 Server contains a path traversal vulnerability (CVE-2025-54443) that allows uploading a web shell due to improper restriction of restricted directory pathnames. Affected versions are MagicINFO 9 Server prior to 21.1080.0. Impact is described as potential remote cod...
CVE-2025-53927 MaxKB sandbox bypass
MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore, an attacker can use the shutil.copy2 method in Python to copy the command they...
CVE-2025-48300
CVE-2025-48300 relates to Groundhogg (WordPress plugin) with an Unrestricted Upload of File with Dangerous Type that enables uploading a web shell on the server. Affected: Groundhogg versions up to and including 4.2.1. Reported exploitation vectors are not detailed in the provided sources; the CV...
CVE-2025-49679 Windows Shell Elevation of Privilege Vulnerability
...
PT-2025-28577 · Microsoft · Windows Shell +1
Name of the Vulnerable Software and Affected Versions: Windows Shell (affected versions not specified). Description: A numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally. Recommendations: At the moment, there is no information about a newer version...
CVE-2025-49444
Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor reformer-elementor allows Upload a Web Shell to a Web Server. This issue affects Reformer for Elementor: from n/a through = 1.0.5...
CVE-2025-49071 WordPress Flozen < 1.5.1 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen flozen-theme allows Upload a Web Shell to a Web Server. This issue affects Flozen: from n/a through 1.5.1...
CVE-2025-47452
CVE-2025-47452 concerns RexTheme WP VR (WP VR) with an Unrestricted Upload of File with Dangerous Type vulnerability, allowing a Web Shell upload on servers running WP VR up to version 8.5.26. The vulnerability arises from an unsafe file upload handling in WP VR, affecting versions through 8.5.26...
Windows Shortcut Files Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...
Important: amazon-ssm-agent
Issue Overview: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. CVE-2025-22869 Affected Packages:...
PT-2025-24860 · Microsoft · Windows Shell +1
Name of the Vulnerable Software and Affected Versions: Windows Shell (affected versions not specified). Description: A protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. Recommendations: At the moment, there is no information...
CVE-2025-47658
Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Upload a Web Shell to a Web Server. This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a...
CVE-2025-47637
Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS staggs allows Upload a Web Shell to a Web Server. This issue affects STAGGS: from n/a through = 2.11.0...