43 matches found

Tenable Nessus
added 2026/05/04 12:0 a.m. | views: 3

RHCOS 2 : rubygem-openshift-origin-console (RHSA-2015:1808)

The remote Red Hat Enterprise Linux CoreOS 2 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2015:1808 advisory. - 2.2: API command injection vulnerability CVE-2015-5274 Note that Nessus has not tested for this issue but has instead relied only on the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00622
Exploits: 0 | References: 5

NCSC
added 2026/03/12 7:46 a.m. | views: 3

Vulnerabilities fixed in Fortinet FortiWeb

Fortinet has fixed vulnerabilities in FortiWeb Versions 7.0 to 8.0.1. The vulnerabilities include an ability for remote unauthenticated attackers to bypass hostname restrictions, an OS command injection vulnerability within the FortiWeb API, and the ability to bypass authentication rate-limits...

CVSS 8.1 | AI score 6.2 | EPSS 0.00189
Exploits: 0 | References: 6

OSV
added 2026/01/23 4:16 a.m. | views: 3

CVE-2026-0785

ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw...

CVSS 8.8 | AI score 6.4
Exploits: 0 | References: 1

EUVD
added 2025/12/29 3:51 p.m. | views: 1

EUVD-2025-205598

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.15.1, arbitrary arguments can be injected in tugtainer-agent POST api/command/run. Version 1.15.1 fixes the issue...

CVSS 9.3 | AI score 6.2 | EPSS 0.00037
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | views: 2

EUVD-2018-13772

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.00195
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | views: 0

EUVD-2017-9560

Malware in sbrugna...

CVSS 5.3 | AI score 5.5 | EPSS 0.00241
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | views: 1

EUVD-2015-4055

Malware in sbrugna...

CVSS 7.2 | AI score 6.2 | EPSS 0.01002
Exploits: 5 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | views: 2

EUVD-2019-3017

Malware in sbrugna...

CVSS 8.1 | AI score 8.1 | EPSS 0.00561
Exploits: 3 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | views: 0

EUVD-2023-54460

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.7 | EPSS 0.00125
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | views: 2

EUVD-2025-31433

Malicious code in bioql PyPI...

CVSS 5.8 | AI score 5 | EPSS 0.00146
Exploits: 0 | References: 6

RedhatCVE
added 2025/05/23 4:29 a.m. | views: 6

CVE-2023-4607

An authenticated XCC user can change permissions for any user through a crafted API command...

CVSS 8.8 | AI score 6.7 | EPSS 0.00125
Exploits: 0

OSV
added 2024/05/14 4:16 p.m. | views: 1

CVE-2024-28135

A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly affected...

CVSS 5 | AI score 6.2
Exploits: 0 | References: 1

NVD
added 2023/10/25 6:17 p.m. | views: 13

CVE-2023-4606

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

CVSS 8.1 | AI score 8.1 | EPSS 0.00117
Exploits: 0 | References: 1

NVD
added 2023/10/25 6:17 p.m. | views: 11

CVE-2023-4608

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

CVSS 7.2 | AI score 5.7 | EPSS 0.00095
Exploits: 0 | References: 1

Prion
added 2023/10/25 6:17 p.m. | views: 19

SQL injection

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

CVSS 5.8 | AI score 7.3 | EPSS 0.00095
Exploits: 0 | References: 1

CNNVD
added 2023/10/25 12:0 a.m. | views: 1

Lenovo XClarity Controller Security Vulnerability

Lenovo XClarity Controller (XCC) is a server-embedded management engine from Lenovo China that is used to standardize and automate basic server management tasks. A security vulnerability exists in Lenovo XClarity Controller, which stems from the fact that an authenticated XCC user with read-only...

CVSS 8.1 | AI score 6.8 | EPSS 0.00117
Exploits: 0 | References: 2

CVE
added 2023/10/24 8:25 p.m. | views: 39

CVE-2023-4608

CVE-2023-4608 is an authenticated SQL injection vulnerability in Lenovo ThinkSystem’s XClarity Controller (XCC). The issue allows blind SQL injection in limited cases via a crafted API command when exploited by an authenticated XCC user with elevated privileges. Affected are ThinkSystem v2 and v3...

CVSS 7.2 | AI score 7.3 | EPSS 0.00095
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2023/10/24 8:25 p.m. | views: 46

CVE-2023-4607

CVE-2023-4607 describes a vulnerability in Lenovo XClarity Controller (XCC): an authenticated XCC user can leverage a crafted API command to change the permissions of any user, effectively gaining elevated privileges. The issue is documented across multiple sources (Lenovo LEN-140960 reference; R...

CVSS 8.8 | AI score 8.4 | EPSS 0.00125
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/10/24 8:25 p.m. | views: 8

CVE-2023-4607

An authenticated XCC user can change permissions for any user through a crafted API command...

CVSS 7.5 | AI score 6.8 | EPSS 0.00125
Exploits: 0 | References: 1

CVE
added 2023/10/24 8:25 p.m. | views: 34

CVE-2023-4606

CVE-2023-4606 affects Lenovo ThinkSystem v2 and v3 servers with XCC. An authenticated XCC user with Read-Only privileges can change another user’s password via a crafted API command. Root cause and explicit exploit details are not provided in the available documents. CVSS v3.1 base sc...

CVSS 8.1 | AI score 7.9 | EPSS 0.00117
Exploits: 0 | References: 1 | Affected Software: 1