315 matches found
Arbitrary Command Injection
mcp-server-kubernetes is vulnerable to Arbitrary Command Injection. The vulnerability is due to passing user-supplied command strings directly to shell execution sh -c without input validation, which allows an attacker to inject and execute arbitrary commands through crafted inputs or indirect...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the evaluation of credential values in non-POSIX shell environments. An attacker can execute arbitrary commands on the operator's device by crafting malicious credential values in infrastructure Secret...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the evaluation of credential values in non-POSIX shell environments. An attacker can execute arbitrary commands on the operator's device by crafting malicious credential values in infrastructure Secret...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the evaluation of credential values in non-POSIX shell environments. An attacker can execute arbitrary commands on the operator's device by crafting malicious credential values in infrastructure Secret...
Arbitrary Command Injection
Overview cai-framework is a Cybersecurity AI Framework Affected versions of this package are vulnerable to Arbitrary Command Injection via the runsshcommandwithcredentials function. An attacker can execute arbitrary commands on the host system by supplying crafted values for the username, host, o...
Arbitrary Command Injection
Overview mcp-server-kubernetes is a MCP server for interacting with Kubernetes clusters via kubectl Affected versions of this package are vulnerable to Arbitrary Command Injection via the execinpod tool. An attacker can execute arbitrary commands within Kubernetes pods by supplying crafted input...
Arbitrary Command Injection
Overview feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Arbitrary Command Injection via the Ad management feature. An attacker can execute arbitrary code on the server by uploading a crafted PHP file, which is then executed due to insufficient...
Arbitrary Command Injection
Overview willitmerge is an A command line tool to check if pull requests are mergeable. Affected versions of this package are vulnerable to Arbitrary Command Injection due to the use of insecure child process execution API exec. An attacker can execute arbitrary system commands by supplying craft...
Arbitrary Command Injection
Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Arbitrary Command Injection via the backup and restore processes when handling file path input with shell execution enabled. An attacker can execute arbitrary system commands by supplying specially crafted...
PT-2025-46853
Name of the Vulnerable Software and Affected Versions Cisco Catalyst Center affected versions not specified Description A flaw exists in the REST API of Cisco Catalyst Center that could allow a remote attacker with valid credentials at least Observer role to execute arbitrary commands within a...
Arbitrary Command Injection
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Arbitrary Command Injection via the nodevm execution environment when integrated modules such as Puppeteer or Playwright are used with attacker-controlled browser binary paths and parameters. An authenticat...
EUVD-2014-4897
Malware in sbrugna...
EUVD-2021-0518
Malware in sbrugna...
EUVD-2019-8489
Malware in sbrugna...
EUVD-2017-6573
Malware in sbrugna...
EUVD-2019-9468
Malware in sbrugna...
EUVD-2014-1767
Malware in sbrugna...
EUVD-2022-1258
Malicious code in bioql PyPI...
EUVD-2022-3166
Malicious code in bioql PyPI...
EUVD-2022-6555
Malicious code in bioql PyPI...