Fleet 安全漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, and MDM operations. Versions of Fleet prior to 4.81.1 contained security...

React Native Community CLI OS Command Injection Vulnerability

React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the Metro Development Server and run arbitrary executables via a vulnerable endpoint exposed by the server. On Windows, attackers can also execute...

CVE-2020-36904 Selea CarPlateServer 4.0.1.6 Remote Program Execution via Configuration Endpoint

Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NOLISTEXEPATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration,...

Exploit for CVE-2025-55182

Research: All versions of CVE-2025-55182 exploit vulnerabiliti...

EUVD-2025-37505

The Metro Development Server, which is opened by the React Native CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...

CVE-2025-11953

The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...

CVE-2025-11953 Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests

The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...

Command Injection

youtubedlsharp is vulnerable to Command Injection. The vulnerability is due to unsafe argument conversion where the UseWindowsEncodingWorkaround being enabled by default, allowing malicious commands to be injected when starting yt-dlp on Windows...

CVE-2021-34426 Arbitrary command execution in Keybase Client for Windows

A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user's Git repository could leverage this vulnerability to...

Vulnerabilities fixed in Nessus

Vulnerabilities have been fixed in Nessus. The vulnerabilities allow a locally authenticated malicious person with administrator privileges to obtain elevated privileges. The malicious party can use these privileges to execute specific Windows commands execute as the Nessus Agent host. Tenable ha...

Exploit for Origin Validation Error in Solarwinds Dameware_Mini_Remote_Control

CVE-2019-3980 This repo was created to utilize the Nessus POC...

LAN.FS Messenger 2.4 Command Execution

Title: ====== LAN.FS Messenger v2.4 - Command Execution Vulnerability Date: ===== 2012-11-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=760 VL-ID: ===== 760 Common Vulnerability Scoring System: ==================================== 8.2 Introduction: =============...

LAN.FS Messenger v2.4 - Command Execution Vulnerability

Document Title: =============== LAN.FS Messenger v2.4 - Command Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=760 Release Date: ============= 2012-11-13 Vulnerability Laboratory ID VL-ID: ==================================== 760...