30764 matches found
CVE-2025-70831
A Remote Code Execution RCE vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter before using it in a system shell command. This allows an unauthenticated attacker to inject arbitrary...
CVE-2021-35402
PROLiNK PRC2402M 20190909 before 2021-06-13 allows liveapi.cgi?page=satellitelist OS command injection via shell metacharacters in the ip parameter for satellitestatus...
PT-2026-21098
Name of the Vulnerable Software and Affected Versions zozothemes Wiguard versions prior to 2.0.1 Description A flaw exists in zozothemes Wiguard that permits the upload of a web shell to a web server through unrestricted file uploads. This allows for potentially malicious code execution. The...
PT-2026-21316
🚨 CVE-2019-25441 thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute...
Brocade Fabric OS < 9.2.1c2 / 9.2.2 < 9.2.2b / 10.0.0 Information Disclosure (CVE-2026-0383)
The version of Brocade FabricOS installed on the remote host is prior to 9.2.1c2, or 9.2.2 prior to 9.2.2b, or 10.0.0 prior to 10.0.0a. It is, therefore, affected by an information disclosure vulnerability: - A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with...
CVE-2026-26323
OpenClaw is a personal AI assistant. Versions 2026.1.8 through 2026.2.13 have a command injection in the maintainer/dev script scripts/update-clawtributors.ts. The issue affects contributors/maintainers or CI who run bun scripts/update-clawtributors.ts in a source checkout that contains a malicio...
CVE-2025-67305
In RUCKUS Network Director RND 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user. These keys are identical across all deployments, allowing an attacker with network access to authenticate via SSH without a password. Once authenticated, the attacker can access the...
CVE-2026-27476
RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system commands to execute arbitrary operations on the targe...
CVE-2026-27476
RustFly 2.0.0 is affected by a command-injection vulnerability in its remote UI control that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. The flaw allows an attacker to send crafted hex payloads to execute arbitrary commands on the target, potentially enabling ...
GHSA-HMH4-3XVX-Q5HR Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process
Summary A command injection vulnerability exists in Deno's node:childprocess implementation. Reproduction javascript import spawnSync from "node:childprocess"; import as fs from "node:fs"; // Cleanup try fs.unlinkSync'/tmp/rceproof'; catch // Create legitimate script...
Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process
Summary A command injection vulnerability exists in Deno's node:childprocess implementation. Reproduction javascript import spawnSync from "node:childprocess"; import as fs from "node:fs"; // Cleanup try fs.unlinkSync'/tmp/rceproof'; catch // Create legitimate script...
CVE-2026-26189
Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in aquasecurity/trivy-action versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables. The action writes...
CVE-2026-26189 Trivy Action has a script injection via sourced env file in composite action
Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in aquasecurity/trivy-action versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables. The action writes...
CVE-2026-26189 Trivy Action has a script injection via sourced env file in composite action
Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in aquasecurity/trivy-action versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables. The action writes...
📄 SofaWiki 3.9.2 Shell Upload
This is a proof of concept remote shell upload exploit for SofaWiki version 3.9.2 that leverages an issue originally discovered in 2024. ============================================================================================================================================= | Title : SofaWiki...
SofaWiki 3.9.2 Shell Upload
This is a proof of concept remote shell upload exploit for SofaWiki version 3.9.2 that leverages an issue originally discovered in 2024...
CVE-2019-25362
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...
CVE-2019-25362
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...
CVE-2019-25362 WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...
CVE-2019-25362 WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...