CVE-2025-20178
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient integrity...
Unsafe Deserialization
picklescan is vulnerable to Unsafe deserialization. The vulnerability is due to the ability to exploit built-in functions in the NumPy library that indirectly invoke dangerous functions like exec, allowing execution of arbitrary Python or OS commands...
Wallos Security Vulnerability
Wallos is an open source personal subscription tracker by the individual developer Miguel Ribeiro. A security vulnerability exists in Wallos 2.38.2 and earlier versions, which stems from a recovery database feature that allows unauthenticated users to upload malicious files, potentially leading t...
CVE-2024-55372
CVE-2024-55372 concerns Wallos
CVE-2024-44843
An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary commands via supplying crafted OCPP requests...
CVE-2025-32778 Web-Check allows command Injection via Unvalidated URL in Screenshot API
Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project Lissy93/web-check. The issue stems from user-controlled input url being passed unsanitized into a shell command using exec, allowing attackers t...
Command Injection
jupyterlabgit is vulnerable to Command Injection. The vulnerability is due to improper handling of shell command substitution in directory names when using cd through the shell, which allows an attacker to execute arbitrary commands without user consent...
Security Bulletin: IBM Security Verify Governance - Identity Manager virtual appliance has multiple vulnerabilities
Summary Multiple security vulnerabilities in the dependent components have been addressed in IBM Security Verify Governance - Identity Manager virtual appliance. Vulnerability Details CVEID:CVE-2023-52425 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by improper system resour...
RHEL 7 : fluentd (RHSA-2018:2225)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:2225 advisory. Fluentd is an open source data collector designed to scale and simplify log management. It can collect, process and ship many kinds of data in near...
Security Bulletin: Vulnerability in PHP might affect IBM Storage Sentinel Anomaly Scan Engine.
Summary Vulnerabilities in PHP might affect IBM Storage Sentinel Anomaly Scan Engine. A remote attacker can execute arbitrary OS commands, obtain sensitive information, bypass security restrictions, and cause denial of service as described by the CVEs in the "Vulnerability Details" section...
CVE-2025-32107
OS command injection vulnerability exists in Deco BE65 Pro firmware versions prior to "Deco BE65 ProJPV11.1.2 Build 20250123". If this vulnerability is exploited, an arbitrary OS command may be executed by the user who can log in to the device...
Advisory ROSA-SA-2025-2828
Software: postgresql14 14.16 OS: ROSA Virtualization 3.0 packageevrstring: postgresql14-14.16-1PGDG.rv30 CVE-ID: CVE-2024-10976 BDU-ID: 2024-09684 CVE-Crit: LOW CVE-DESC.: A vulnerability in the CREATE POLICY row-protected table security policy of the PostgreSQL database management system is...
CVE-2025-25053
OS command injection vulnerability in the setting page of the WEB UI exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product...
CVE-2025-27797
OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product...
CVE-2025-32107
CVE-2025-32107 affects TP-Link Deco BE65 Pro firmware pre-1.1.1.2 Build 20250123 (JP). The flaw is an OS command injection in the device’s software, allowing an authenticated user who can log in to execute arbitrary OS commands. Impact is described as total compromise of the device’s command exec...
Checkmk Security Vulnerability
Checkmk is an IT monitoring platform from Checkmk, Inc. Checkmk has a security vulnerability that stems from improper neutralization of the livestatus command separator, which could lead to arbitrary command execution. The following versions are affected: versions prior to 2.2.0p39, versions prio...
PT-2025-16001 · Palo Alto Networks · Palo Alto Networks Cortex Xdr Broker Vm
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Cortex XDR Broker VM affected versions not specified Description: A command injection issue in the Palo Alto Networks Cortex XDR Broker VM allows an authenticated user to execute arbitrary OS commands with root privileges o...
Dell PowerProtect Data Domain Access Control Vulnerability
Dell PowerProtect Data Domain is a data protection storage appliance from Dell Technologies, built on the Data Domain platform and designed for building a resilient foundation for networks and enabling rapid data recovery. An access control vulnerability exists in Dell PowerProtect Data Domain,...
The vulnerability of the implementation of the AWS4-HMAC-SHA256 algorithm in the cross-platform FTP server CrushFTP allows a hacker to bypass security restrictions, gain access to the administrator account, and execute arbitrary commands.
The vulnerability of the AWS4-HMAC-SHA256 algorithm implementation in the cross-platform FTP server CrushFTP relates to the bypassing of authentication by using the default crushadmin account. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions, gain access ...