7631 matches found
Arbitrary Command Execution
github.com/cli/go-gh is vulnerable to arbitrary command execution. The vulnerability is due to unsafe handling of GitHub-provided URLs, allowing an attacker-controlled GitHub Enterprise Server to replace HTTP URLs with local file paths that could be executed on the user's machine...
CVE-2025-41385
An OS Command Injection issue exists in wivia 5 all versions. If this vulnerability is exploited, an arbitrary OS command may be executed by a logged-in administrative user...
CVE-2025-48938
go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...
CVE-2025-5277
aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP client will run arbitrary commands on the host system...
CVE-2025-41385
Summary: CVE-2025-41385 is an OS command injection vulnerability in wivia 5 (all versions). The issue allows a logged-in administrative user to execute arbitrary OS commands due to an injection flaw in the product. The CVSS-derived assessments in the provided documents indicate high impact to con...
PT-2025-23335 · Go-Gh +1
Name of the Vulnerable Software and Affected Versions: go-gh versions prior to 2.12.1
Description: A security issue has been identified where an attacker-controlled GitHub Enterprise Server could execute arbitrary commands on a user's machine. This is achieved by replacing HTTP URLs provided by...
A vulnerability in the control_panel_sw() function in the /cgi-bin/sysconf.cgi script of the Linksys FGW3000-AH and FGW3000-HK Wi-Fi router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the control_panel_sw function in the /cgi-bin/sysconf.cgi script of the Linksys FGW3000-AH and FGW3000-HK Wi-Fi routers is related to improper neutralization of special elements in output when processing the filename parameter. Exploiting this vulnerability allows an...
go-gh Security Vulnerability
go-gh is a collection of Go modules open sourced from the GitHub CLI. It is used to interact with gh and GitHub APIs from the command line. A security vulnerability exists in go-gh versions prior to 2.12.1: an attacker-controlled GitHub Enterprise Server could lead to the executi...
OS Command Injection
LLama-Index CLI is vulnerable to OS Command Injection. The vulnerability is due to improper input handling: the --files argument is passed unsanitized directly into os.system, allowing arbitrary command execution...
A vulnerability in the CloudSrvUserdataVersionCheck() function in the TOTOLINK CA600-PoE router's software allows an attacker to execute arbitrary commands.
The vulnerability in the CloudSrvUserdataVersionCheck function in the TOTOLINK CA600-PoE router's software lies in the lack of control-level safeguards during processing of the svn parameter. Exploiting this vulnerability allows an attacker to execute arbitrary commands by sending...
CVE-2025-4009 Unauthenticated Arbitrary Command Injection in Evertz SDVN
The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among...
WAVLINK WL-WN579A3 /cgi-bin/firewall.cgi Command Injection Vulnerability
WAVLINK WL-WN579A3 is a high performance dual-band wireless card from China RuiYin WAVLINK. The WAVLINK WL-WN579A3 suffers from a command injection vulnerability that originates from unfiltered input in the /cgi-bin/firewall.cgi component, which can be exploited by an attacker to submit a special...
WAVLINK WL-WN579A3 /cgi-bin/adm.cgi Command Injection Vulnerability
WAVLINK WL-WN579A3 is a high performance dual-band wireless card from China RuiYin WAVLINK. A command injection vulnerability exists in WAVLINK WL-WN579A3 /cgi-bin/adm.cgi, which can be exploited by an attacker to submit a special request and execute arbitrary commands...
CVE-2025-0356
NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3 and earlier allow an attacker to execute arbitrary OS commands via the network...
CVE-2024-52505
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in...
CVE-2024-52019
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wangateway parameter at geniefix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...
CVE-2024-49368
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue...