EUVD-2022-5669
Malicious code in bioql PyPI...
EUVD-2022-2810
Malicious code in bioql PyPI...
CVE-2025-36604
Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution...
CVE-2025-41683
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitizing of user input in the Main Web Interface endpoint eventmailtest...
CVE-2025-7154
TOTOLINK N200RE is affected by a critical vulnerability in the CGI script path /cgi-bin/cstecgi.cgi, specifically the function sub_41A0F8, where the Hostname argument can be manipulated to trigger an OS command injection. The issue is exploitable remotely and the public exploit has been disclosed...
CVE-2025-6898
A vulnerability, which was classified as critical, has been found in D-Link DI-7300G+ 19.12.25A1. Affected by this issue is some unknown functionality of the file in proxyclient.asp. The manipulation of the argument proxysrv/proxylanport/proxylanip/proxysrvport leads to os command injection. The...
CVE-2025-6264 Velociraptor privilege escalation via UpdateConfig artifact
Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifacts, Velociraptor allows for those to require high permissions like EXECVE to launch...
MAL-2025-4780 Malicious code in @react-native-aria/disclosure (npm)
React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...
CVE-2025-5439 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 verifyFacebookLike os command injection
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the...
PT-2025-22981 · Weidmueller · Ie-Sw-Pl10M-3Gt-7Tx +12
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A critical issue allows an unauthenticated remote attacker to execute arbitrary commands due to missing authentication on a critical function of the devices. This could potentially enable...
CVE-2020-20184
GateOne allows remote attackers to execute arbitrary commands via shell metacharacters in the port field when attempting an SSH connection...
CVE-2019-12889
An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can escalate their privileges to NT AUTHORITY\System. An attacker would need local access to the machine for a successful exploit. The attacker must...
CVE-2016-10312
Jensen of Scandinavia AS Air:Link 3G AL3G version 2.23m Rev. 3, Air:Link 5000AC AL5000AC version 1.13, and Air:Link 59300 AL59300 version 1.04 Rev. 4 devices allow remote attackers to execute arbitrary commands via shell metacharacters to certain /goform/ pages...
CVE-2004-1781
Info Touch Surfnet kiosk allows local users to crash Surfnet and access the underlying operating system via the CMDCREDITCARDCHARGE command...
PT-2025-22490 · Infoblox · Infoblox Netmri
Name of the Vulnerable Software and Affected Versions: Infoblox NETMRI versions prior to 7.6.1 Description: An issue allows for remote, unauthenticated command injection. The vulnerability is related to insufficient data sanitization at the management level. The get saml request function is...
CVE-2025-1449 Admin Shell Access Vulnerability in Rockwell Automation Verve Asset Manager
A vulnerability exists in the Rockwell Automation Verve Asset Manager due to insufficient variable sanitizing. A portion of the administrative web interface for Verve's Legacy Agentless Device Inventory (ADI) capability (deprecated since the 1.36 release) allows users to change a variable with...
Linux Distros Unpatched Vulnerability : CVE-2015-3408
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when...
CVE-2025-1819
A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lanip leads to os command injection. It is possible to launch the attack remotely. The exploit has been...
Cisco Secure Web Appliance Multiple Vulnerabilities (cisco-sa-esa-sma-wsa-multi-yKUJhS34)
According to its self-reported version, Cisco Secure Web Appliance is affected by multiple vulnerabilities. - A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker...
CVE-2024-12356
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user...