21 matches found
EUVD-2026-34226
There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...
CVE-2026-3692 Unintended command execution during report generation in Progress Flowmon
In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended commands being executed on the server...
CVE-2024-2012
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior...
CVE-2025-10239
In Flowmon versions prior to 12.5.5, a vulnerability has been identified that allows a user with administrator privileges and access to the management interface to execute additional unintended commands within scripts intended for troubleshooting purposes...
CVE-2025-10239
Summary: CVE-2025-10239 affects Progress Flowmon prior to 12.5.5. An authenticated administrator with access to the management interface can execute additional unintended commands inside troubleshooting scripts, constituting an authenticated OS command injection risk. Documents consistently state...
CVE-2025-10239 Unintended command execution via troubleshooting scripts in Progress Flowmon
In Flowmon versions prior to 12.5.5, a vulnerability has been identified that allows a user with administrator privileges and access to the management interface to execute additional unintended commands within scripts intended for troubleshooting purposes...
EUVD-2025-33340
In Flowmon versions prior to 12.5.5, a vulnerability has been identified that allows a user with administrator privileges and access to the management interface to execute additional unintended commands within scripts intended for troubleshooting purposes...
PT-2025-41378
Name of the Vulnerable Software and Affected Versions Flowmon versions prior to 12.5.5 Description Flowmon network monitoring solutions are affected by an issue that allows an authenticated administrator to execute additional unintended commands within scripts designed for troubleshooting. This...
EulerOS 2.0 SP12 : sudo (EulerOS-SA-2025-2060)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute...
MGASA-2025-0213 Updated sudo packages fix security vulnerabilities
CVE-2025-32462 - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines CVE-2025-32463 - Sudo before 1.9.17p1 allows local users to obtain root access because...
SUSE CVE-2025-32462
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines...
GHSA-32JF-H775-G29H MongoDB Rust driver may issue unintended commands
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...
MongoDB Rust driver may issue unintended commands
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...
CVE-2024-6382 Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...
Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...
jetty: Improper addition of quotation marks to user inputs in CgiServlet
A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested...
Command Injection
FontForge is vulnerable to Command Injection. The vulnerability is due to insufficient input validation, which enables malicious actors to manipulate filenames in a way that triggers the execution of unintended commands...
GHSA-8434-V7XW-8M9X Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
APKLeaks prior to v2.0.4 allows remote authenticated attackers to execute arbitrary OS commands via package name inside the application manifest. Impact An authenticated attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or...
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
APKLeaks prior to v2.0.4 allows remote authenticated attackers to execute arbitrary OS commands via package name inside the application manifest. Impact An authenticated attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or...
Phoenix Contact FL SWITCH Cross-Site Request Forgery Vulnerability
Phoenix Contact FL SWITCH is an industrial grade Ethernet switch from the Phoenix Contact group of companies in Germany. A cross-site request forgery vulnerability exists in Phoenix Contact FL SWITCH versions prior to 3xxx 1.35, 4xxx 1.35, and 48xx 1.35, which can be exploited by a remote attacke...