100 matches found
CVE-2026-41411
Vim (before version 9.2.0357) contains a local command-injection vulnerability in tag file processing. When resolving a tag, Vim passes the filename field from the tags file through wildcard expansion, enabling backtick syntax (e.g., `command`) that can execute arbitrary commands via the system she...
PT-2026-35033
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.2.0357. Description: Command injection occurs during tag file processing. When resolving a tag, the filename field from the tags file undergoes wildcard expansion to resolve environment variables and wildcards. If this...
CVE-2025-70831
A Remote Code Execution (RCE) vulnerability was found in Smanga 3.2.7 in the /php/path/rescan.php interface. The application fails to properly sanitize user-supplied input in the mediaId parameter before using it in a system shell command. This allows an unauthenticated attacker to inject arbitrary...
Accessibility Features (Sticky Keys) Persistence via Debugger Registry Key
This module makes it possible to apply the 'sticky keys' hack to a session with appropriate rights. The hack provides a means to get a SYSTEM shell using UI-level interaction at an RDP login screen or via a UAC confirmation dialog. The module modifies the Debug registry setting for certain...
CVE-2023-31756
A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions = 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an...
CVE-2021-22125
An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file...
Accessibility Features Persistence Via Debugger Registry Key
This Metasploit module makes it possible to apply the sticky keys hack to a session with appropriate rights. The hack provides a means to get a SYSTEM shell using UI-level interaction at an RDP login screen or via a UAC confirmation dialog. The module modifies the Debug registry setting for certa...
PT-2025-48575
Name of the Vulnerable Software and Affected Versions: MCP Watch versions 0.1.2 and earlier. Description: MCP Watch, a security scanner for Model Context Protocol (MCP) servers, contains a Command Injection issue in the cloneRepo method of the MCPScanner class. The application directly passes the...
Dell CloudLink Operating System Command Injection Vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. A command execution vulnerability exists in Dell CloudLink, which can be exploited by an attacker to gain shell access to the system...
CVE-2025-54545
On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges...
EUVD-2025-36728
On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges...
CVE-2025-54545
On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges...
CVE-2025-54545 On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.
On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges...
CVE-2025-54545
CVE-2025-54545 is a local privilege-escalation in Arista DANZ Monitoring Fabric (DMF) and related products. A restricted user could break out of the CLI sandbox to the system shell, gaining elevated privileges. Arista’s Security Advisory 0124 confirms affected products across DMF, Converged Cloud...
CVE-2025-54545 On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.
On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges...
Arista DANZ Monitoring Fabric Security Vulnerability
Arista DANZ Monitoring Fabric is a traffic monitoring, security, and performance analytics platform from Arista USA. A security vulnerability exists in Arista DANZ Monitoring Fabric that originates from a restricted user being able to break out of the CLI sandbox restrictions to access the system...
PT-2025-44351
Name of the Vulnerable Software and Affected Versions: versions prior to 2025-54545. Description: A restricted user could escape the CLI sandbox and gain access to the system shell, leading to privilege escalation. Recommendations: At the moment, there is no information about a newer version that...
EUVD-2019-11479
Malware in sbrugna...
EUVD-2021-10943
Malware in sbrugna...
EUVD-2019-10393
Malware in sbrugna...