Lucene search
K

21 matches found

EUVD
EUVD
added 2026/06/04 8:7 a.m.10 views

EUVD-2026-34226

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...

7.2CVSS6.2AI score0.0037EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/02 1:27 p.m.27 views

CVE-2026-3692 Unintended command execution during report generation in Progress Flowmon

In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended commands being executed on the server...

8.7CVSS0.0042EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:9 a.m.8 views

CVE-2024-2012

vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior...

9.8CVSS7AI score0.00601EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/10 5:22 p.m.8 views

CVE-2025-10239

In Flowmon versions prior to 12.5.5, a vulnerability has been identified that allows a user with administrator privileges and access to the management interface to execute additional unintended commands within scripts intended for troubleshooting purposes...

7.2CVSS7.2AI score0.00357EPSS
Exploits0References1
CVE
CVE
added 2025/10/09 12:42 p.m.14 views

CVE-2025-10239

Summary: CVE-2025-10239 affects Progress Flowmon prior to 12.5.5. An authenticated administrator with access to the management interface can execute additional unintended commands inside troubleshooting scripts, constituting an authenticated OS command injection risk. Documents consistently state...

7.2CVSS6.8AI score0.00357EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/09 12:42 p.m.10 views

CVE-2025-10239 Unintended command execution via troubleshooting scripts in Progress Flowmon

In Flowmon versions prior to 12.5.5, a vulnerability has been identified that allows a user with administrator privileges and access to the management interface to execute additional unintended commands within scripts intended for troubleshooting purposes...

7.2CVSS0.00357EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/09 12:42 p.m.5 views

EUVD-2025-33340

In Flowmon versions prior to 12.5.5, a vulnerability has been identified that allows a user with administrator privileges and access to the management interface to execute additional unintended commands within scripts intended for troubleshooting purposes...

7.2CVSS6.7AI score0.00357EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.11 views

PT-2025-41378

Name of the Vulnerable Software and Affected Versions Flowmon versions prior to 12.5.5 Description Flowmon network monitoring solutions are affected by an issue that allows an authenticated administrator to execute additional unintended commands within scripts designed for troubleshooting. This...

7.2CVSS7.4AI score0.00357EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

EulerOS 2.0 SP12 : sudo (EulerOS-SA-2025-2060)

According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute...

8.8CVSS7AI score0.03239EPSS
Exploits77References2
OSV
OSV
added 2025/07/25 9:48 p.m.8 views

MGASA-2025-0213 Updated sudo packages fix security vulnerabilities

CVE-2025-32462 - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines CVE-2025-32463 - Sudo before 1.9.17p1 allows local users to obtain root access because...

9.3CVSS7.2AI score0.47467EPSS
Exploits77References5
SUSE CVE
SUSE CVE
added 2025/06/30 11:34 p.m.6 views

SUSE CVE-2025-32462

Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines...

7CVSS7.3AI score0.03239EPSS
Exploits77References13
OSV
OSV
added 2024/07/02 9:32 p.m.4 views

GHSA-32JF-H775-G29H MongoDB Rust driver may issue unintended commands

Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...

6.4CVSS7AI score0.00277EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/07/02 9:32 p.m.14 views

MongoDB Rust driver may issue unintended commands

Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...

7.5CVSS7AI score0.00277EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2024/07/02 5:17 p.m.30 views

CVE-2024-6382 Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.

Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...

6.4CVSS0.00277EPSS
Exploits0References1
MongoDB
MongoDB
added 2024/07/02 5:17 p.m.31 views

Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.

Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...

7.5CVSS6.8AI score0.00277EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2024/05/23 10:45 p.m.5 views

jetty: Improper addition of quotation marks to user inputs in CgiServlet

A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested...

3.5CVSS7.3AI score0.01006EPSS
Exploits1References4
Veracode
Veracode
added 2024/03/13 3:31 p.m.31 views

Command Injection

FontForge is vulnerable to Command Injection. The vulnerability is due to insufficient input validation, which enables malicious actors to manipulate filenames in a way that triggers the execution of unintended commands...

4.2CVSS6.7AI score0.01082EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2022/01/21 11:3 p.m.17 views

GHSA-8434-V7XW-8M9X Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks

APKLeaks prior to v2.0.4 allows remote authenticated attackers to execute arbitrary OS commands via package name inside the application manifest. Impact An authenticated attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or...

9.3CVSS9.5AI score0.02307EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/01/21 11:3 p.m.40 views

Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks

APKLeaks prior to v2.0.4 allows remote authenticated attackers to execute arbitrary OS commands via package name inside the application manifest. Impact An authenticated attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or...

10CVSS7.2AI score0.02307EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2019/01/28 12:0 a.m.3 views

Phoenix Contact FL SWITCH Cross-Site Request Forgery Vulnerability

Phoenix Contact FL SWITCH is an industrial grade Ethernet switch from the Phoenix Contact group of companies in Germany. A cross-site request forgery vulnerability exists in Phoenix Contact FL SWITCH versions prior to 3xxx 1.35, 4xxx 1.35, and 48xx 1.35, which can be exploited by a remote attacke...

8.8CVSS6.9AI score0.00856EPSS
Exploits0References1
Rows per page
Query Builder