PT-2025-26441 · Unknown · Trustyai Explainability Toolkit
Name of the Vulnerable Software and Affected Versions: TrustyAI Explainability toolkit (affected versions not specified). Description: A command injection issue was discovered in the TrustyAI Explainability toolkit. This issue allows arbitrary commands placed in certain fields of an LMEValJob custom...
CVE-2025-33117
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands...
CVE-2025-50201
WeGIA (web manager for charitable organizations) contains an OS command injection vulnerability in /html/configuracao/debug_info.php where the branch parameter is not sanitized before shell execution. This allows an unauthenticated attacker to run arbitrary commands as the web server user (www-da...
Remote Code Execution (RCE)
Salt is vulnerable to Remote command execution. The vulnerability is due to improper input validation in the 'on demand' pillar functionality, allowing a specially crafted git URL to trigger arbitrary command execution on the master with elevated privileges...
PT-2025-26192 · Versa · Versa Director
Name of the Vulnerable Software and Affected Versions: Versa Director SD-WAN orchestration platform (affected versions not specified). Description: The Versa Director SD-WAN orchestration platform has a command injection issue in the Shell-In-A-Box service, allowing an attacker to execute arbitrary...
Astra Linux - vulnerability in edk2
EDK2 contains a vulnerability in BIOS where an attacker may cause "Improper Input Validation" by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...
A vulnerability in the graphics processor component of firmware embedded in Qualcomm chips allows attackers to execute arbitrary commands.
The vulnerability in the graphics processor component of embedded Qualcomm software systems is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
Wifisoft UniBox Controller command injection vulnerability
Wifisoft UniBox Controller is a small smart access controller from Wifisoft Corporation, USA. A command injection vulnerability exists in Wifisoft UniBox Controller 20250506 and prior versions, which stems from an os command injection issue that could lead to the execution of arbitrary commands...
TencentOS Server 4: emacs (TSSA-2025:0187)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0187 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
TencentOS Server 3: cups (TSSA-2024:0323)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0323 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2025-39240
Some Hikvision Wireless Access Points are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command...
CVE-2025-22237
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git URL, which could cause an arbitrary command to be run on the master with the same privileges as the master process...
UBUNTU-CVE-2025-22237
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git URL, which could cause an arbitrary command to be run on the master with the same privileges as the master process...
Salt security vulnerability
Salt is an automation, infrastructure management, data-driven orchestration and remote execution application from the Salt project. A security vulnerability exists in Salt that stems from a specially crafted git URL that could trigger the master process to execute arbitrary commands...
Cisco Unified Communications Command Injection Vulnerability
Cisco Unified Communications is an enterprise call control and session management platform from Cisco that connects people anywhere using any device. A command injection vulnerability exists in Cisco Unified Communications that stems from insufficient validation of command parameters and can be...
PT-2025-25187 · Weidmueller · Ie-Sr-2Tx-Wl +2
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to a lack of Cross-Site Request Forgery (CSRF) protection in the Main Web...
Exploit for CVE-2025-49113
Roundcube RCE Exploit CVE-2025-49113 A fully functional pro...
AIX is vulnerable to arbitrary command execution due to Perl (CVE-2025-33112)
IBM SECURITY ADVISORY First Issued: Tue Jun 10 08:28:43 CDT 2025 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/perladvisory9.asc Security Bulletin: AIX is vulnerable to arbitrary command execution due to Perl CVE-2025-33112...
Malicious code in @gluestack-ui/utils (npm)
Source: google-open-source-security (17982e09dcf1a69caf714afad49b310371d80fe7260bf21fcad08da2a07df00c). React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...