Dell ThinOS Command Injection Vulnerability
Dell ThinOS is a client operating system from the American company Dell. Dell ThinOS suffers from a command injection vulnerability that arises from an application's failure to properly filter constructed command special characters, commands, etc. The vulnerability can be exploited to execute...
CVE-2025-22370 Mennekes smart/premium charges systems, SQL Injection in web configuration interface
Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized...
The vulnerability of the integrated controller, Satellite Management Controller (SMC), in AMD MI300X microprocessor-based software allows an intruder to execute arbitrary commands and cause malfunctions during maintenance.
The vulnerability of the integrated controller, Satellite Management Controller SMC, in the microprogrammed software of AMD MI300X processors is related to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to execute arbitrary commands and cause...
The vulnerability of the ArcGIS Pro geospatial information system and the ArcGIS AllSource software for analyzing operational data, related to the use of an unreliable search path, allows a perpetrator to execute arbitrary commands.
The vulnerability of the ArcGIS Pro geospatial information system and the ArcGIS AllSource software for analyzing operational data is related to the use of an unreliable search path. Exploiting this vulnerability could allow an attacker to execute arbitrary commands by loading a specially created...
Amazon Linux 2 : emacs (ALAS-2025-2770)
The version of emacs installed on the remote host is prior to 27.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2770 advisory. A flaw was found in the Emacs text editor. Improper handling of custom man URI schemes allows attackers to execute arbitrary shell...
CVE-2025-24864
Incorrect access permission of a specific folder issue exists in RemoteView Agent for Windows versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege...
CVE-2025-27597
CVE-2025-27597 affects Vue I18n: the vulnerable components are @intlify/message-resolver and @intlify/vue-i18n-core. The handleFlatJson entry point allows prototype pollution via payloads that modify Object.prototype, enabling DoS and potentially enabling remote code execution if polluted propert...
CVE-2025-27597 Vue I18n Prototype Pollution in `handleFlatJson`
Vue I18n is the internationalization plugin for Vue.js. @intlify/message-resolver and @intlify/vue-i18n-core are vulnerable to Prototype Pollution through the entry function: handleFlatJson. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the...
vue-i18n Security Vulnerability
vue-i18n is an application from intlify open source. A security vulnerability exists in vue-i18n. An attacker can execute arbitrary commands by exploiting the vulnerability...
QNAP Systems QuRouter Security Vulnerability
QNAP Systems QuRouter is a router management system from China Weilian Technology QNAP Systems. A security vulnerability exists in QNAP Systems QuRouter that stems from command injection and could lead to a remote attacker executing arbitrary commands...
JVN#24992507: Multiple vulnerabilities in RemoteView Agent (for Windows)
RemoteView allows a local PC to connect and control remote PCs through the cloud service provided by RSUPPORT Co., Ltd. RemoteView Agent must be installed on the remote PCs. The following vulnerabilities are reported on RemoteView Agent installation. Incorrect access permission of a specific...
Ghostscript 9.21 Arbitrary Command Execution
Ghostscript version 9.21 exploit that leverages a flaw from 2017 to execute arbitrary commands and provides a reverse shell. Title: Ghostscript versions...
DRUPAL-CONTRIB-2025-021
The AI Automators module, a submodule of AI, enables you to create different automated tasks that fill out field data using LLM outputs. The module doesn't sufficiently sanitize input before passing it to the underlying shell as part of a command for execution, allowing an attacker to run arbitrar...
Tenda AC15 Command Injection Vulnerability
The Tenda AC15 is a wireless router from the Chinese company Tenda. A command injection vulnerability exists in Tenda AC15 version 15.03.05.19, which originates from an application that fails to properly filter constructed command special characters, commands, etc. The vulnerability can be...
The vulnerability of the IAM and user directory management software of IBM Security Verify Directory, which exists due to the failure to take measures to neutralize special elements, allows a perpetrator to execute arbitrary commands.
The vulnerability of the IAM and user directory management software of IBM Security Verify Directory exists due to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands through a specially crafted request...
Linux Distros Unpatched Vulnerability : CVE-2023-24531
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a...