PT-2025-29143 · Unknown · Serviio Media Server
Name of the Vulnerable Software and Affected Versions: Serviio Media Server versions 1.4 through 1.8. Description: An unauthenticated command injection exists in Serviio Media Server. The /rest/action API endpoint, exposed by the console component on default port 23423, is vulnerable. The...
CVE-2025-48501
An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, arbitrary OS commands may be executed on the server where the product is running...
Adobe ColdFusion Operating System Command Injection Vulnerability
Adobe ColdFusion is a rapid application development platform from Adobe (United States). The platform includes an integrated development environment and scripting language. Adobe ColdFusion has an operating system command injection vulnerability, which stems from the...
Sudo chroot 1.9.17 - Local Privilege Escalation
Exploit Title: Sudo chroot 1.9.17 - Local Privilege Escalation Google Dork: not applicable Date: Mon, 30 Jun 2025 Exploit Author: Stratascale Vendor Homepage: https://salsa.debian.org/sudo-team/sudo Software Link: Version: Sudo versions 1.9.14 to 1.9.17 inclusive Tested on: Kali Rolling 2025-7-3 CV...
The vulnerability of the ExternalScripts web interface module of the NSClient++ monitoring tool allows a hacker to increase their privileges and execute arbitrary commands.
The vulnerability of the ExternalScripts web interface of the NSClient++ monitoring tool is related to the lack of authentication for the critical function. Exploiting this vulnerability allows a remote attacker to enhance their privileges and execute arbitrary commands by connecting to port 8443...
Belkin F9K1122 Security Vulnerability
The Belkin F9K1122 is a WiFi signal extender from Belkin Canada. The Belkin F9K1122 suffers from a command injection vulnerability that originates from mishandling of the parameters mwanipaddr/mwannetmask/mwangateway/mwanstaticdns1/mwanstaticdns2 in the file /goform/formSetWanStatic. can be...
FileBrowser Command Injection Vulnerability (CNVD-2025-22706)
FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser suffers from a command injection vulnerability, which is caused by a flaw in the command execution...
FileBrowser Command Injection Vulnerability (CNVD-2025-22700)
FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser has a command injection vulnerability that can be exploited by an attacker to execute arbitrary...
CVE-2025-34078
A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file nsclient.ini stores the administrative password in plaintext and is readable by local users. By extracting this password, an attack...
CVE-2025-26074
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...
Cisco Spaces Connector Operating System Command Injection Vulnerability
Cisco Spaces Connector is a system from Cisco (USA) for integrating different devices. An operating system command injection vulnerability exists in Cisco Spaces Connector that stems from insufficient restrictions on the execution of specific CLI commands, which could lead to elevation of privilege...
PT-2025-27655 · Cisco · Cisco Spaces Connector
Name of the Vulnerable Software and Affected Versions: Cisco Spaces Connector (affected versions not specified). Description: A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system...
CVE-2025-34056
An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are directly embedded into system commands without...
Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server
CVE-2025-47812 Wing FTP Server Remote Code Execution RCE Ex...
Sunshine Cross-Site Request Forgery Vulnerability
Sunshine is an open source self-service game streaming host for Moonlight by LizardByte. A cross-site request forgery vulnerability exists in versions prior to Sunshine 2025.628.4510, which stems from a lack of cross-site request forgery protection in the web UI and could lead to the execution of...
FileBrowser Command Injection Vulnerability
FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser suffers from a command injection vulnerability, which is caused by a flaw in the command execution...
CVE-2025-53098
Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the .roo/mcp.json file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would hav...
CVE-2025-36529
An OS command injection issue exists in multiple versions of TB-eye network recorders and AHD recorders. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who is logged in to the device...
CVE-2025-53098 Roo Code Vulnerable to Potential Remote Code Execution via Model Context Protocol
Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the .roo/mcp.json file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would hav...
GHSA-3Q2W-42MV-CPH4 filebrowser Allows Shell Commands to Spawn Other Commands
Note: This feature has been disabled by default for all installations from v2.33.8 onwards, including for existing installations. To exploit this vulnerability, the instance administrator must turn on a feature and ignore all the warnings about known vulnerabilities. We're publishing this new...