EUVD-2025-175375
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to...
EUVD-2018-19541
Malware in sbrugna...
EUVD-2019-16138
Malware in sbrugna...
EUVD-2018-4287
Malware in sbrugna...
EUVD-2018-18827
Malware in sbrugna...
EUVD-2015-5897
Malware in sbrugna...
EUVD-2021-7507
Malicious code in bioql PyPI...
EUVD-2023-36037
Malicious code in bioql PyPI...
EUVD-2022-30627
Malicious code in bioql PyPI...
EUVD-2022-24692
Malicious code in bioql PyPI...
EUVD-2022-7150
Malicious code in bioql PyPI...
CVE-2025-26412 Undocumented Root Shell Access in SIMCom SIM7600G Modem
The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands...
PT-2025-24064
Name of the Vulnerable Software and Affected Versions: Soar Cloud HRD Human Resource Management System versions prior to 7.3.2025.0408. Description: The issue concerns an unrestricted upload of files with dangerous types in the upload file function, allowing remote attackers to execute arbitrary...
CVE-2022-39312
Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In...
Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor
Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that could result in the execution of arbitrary operating system commands. Tracked as CVE-2024-7591 (CVSS score: 10.0), the vulnerability has been described as an improper input...
CVE-2023-0432
The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device in the context of the user "root." If the attacker has credentials for the web service, then the...
CVE-2022-24803 Command Injection vulnerability in asciidoctor-include-ext
Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...
Huawei GaussDB 200 Command Injection Vulnerability (CNVD-2020-13694)
Huawei GaussDB 200 is a distributed parallel relational database system developed by Huawei China based on the open source database Postgres-XC. A command injection vulnerability exists in GaussDB 200 version 6.5.1. An attacker can exploit this vulnerability to execute system commands...
NetMan 204 Backdoor Account Vulnerability
NetMan is an integrated development of UPS for medium and large networks, providing a high level of reliability in the communication between UPS and related management systems. A backdoor account vulnerability exists in NetMan 204. An attacker can exploit this vulnerability to execute system...