7632 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-24531
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a...
Linux Distros Unpatched Vulnerability : CVE-2023-27635
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands because of an eval call via a crafted .deb file. The path is shown to the...
Arbitrary IRC Command Execution
matrix-appservice-irc is vulnerable to arbitrary IRC command execution. The vulnerability is due to improper command handling, which allows an attacker to inject and execute arbitrary IRC commands as their own puppeted user...
Linux Distros Unpatched Vulnerability : CVE-2017-14867
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands su...
Command Injection Vulnerability in Cisco Application Policy Infrastructure Controller CLI
Cisco Application Policy Infrastructure Controller is a software for Cisco ACI switching matrix automation and management from Cisco. A command injection vulnerability exists in the Cisco Application Policy Infrastructure Controller CLI, which can be exploited by an attacker to submit a special...
Geovision GV-ASWeb Code Injection Vulnerability
Geovision GV-ASWeb is a Web-based software from Geovision China for remote access and configuration of GV-ASManager's database. A code injection vulnerability exists in Geovision GV-ASWeb, which can be exploited by an attacker to execute arbitrary commands on the system...
Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution...
Tenda AC7 Command Injection Vulnerability
Tenda AC7 is a wireless router from Tenda, a Chinese company. A command injection vulnerability exists in Tenda AC7 version 15.03.06.44. The vulnerability stems from the TendaTelnet function in the /goform/telnet file failing to properly filter constructor command special characters, commands, et...
Judge0 1.13.0 Code Execution
Judge0 version 1.13.0 suffers from a code execution vulnerability. Title: Judge0 v 1.13.0 PHP Code Injection Vulnerability | Author: indoushka |...
CVE-2025-27146
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability h...
PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices
A new malware campaign has been observed targeting edge devices from Cisco, ASUS, QNAP, and Synology to rope them into a botnet named PolarEdge since at least the end of 2023. French cybersecurity company Sekoia said it observed the unknown threat actors deploying a backdoor by leveraging...
CVE-2025-22495
An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been resolved in the version 3.0.4. Note -...
Cisco APIC Command Injection Vulnerability
Cisco Application Policy Infrastructure Controller is a software for Cisco ACI switching matrix automation and management from Cisco. A command injection vulnerability exists in the Cisco Application Policy Infrastructure Controller CLI, which can be exploited by an attacker to submit a special...
GHSA-5MVM-89C9-9GM5 Matrix IRC Bridge allows IRC command injection to own puppeted user
Impact: The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. Patches: The vulnerability has been patched in matrix-appservice-irc...
matrix-appservice-irc Security Vulnerability
matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. A security vulnerability exists in matrix-appservice-irc version 3.0.3 and earlier. An attacker can exploit this vulnerability to execute arbitrary IRC commands...
Advisory ROSA-SA-2025-2720
Software: vim 8.0.1763; OS: ROSA Virtualization 3.0; packageevrstring: vim-8.0.1763; CVE-ID: CVE-2019-12735; BDU-ID: 2019-03251; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the getchar.c library of the Vim text editor is related to the lack of filtering of the "!source" command, which allows arbitrar...
D-Link DSL-3782 Multiple Parameter OS Command Injection Vulnerability
The D-Link DSL-3782 is a wireless router from Taiwan, China-based D-Link. The D-Link DSL-3782 suffers from an OS command injection vulnerability that originates from the inIP, insPort, inePort, exsPort, exePort, and protocol parameters, which can be exploited by an attacker to execute arbitrary...
D-Link DSL-3782 Multiple Parameter OS Command Injection Vulnerability
The D-Link DSL-3782 is a wireless router from Taiwan, China-based D-Link. The D-Link DSL-3782 suffers from an OS command injection vulnerability that originates in the sambawg and sambanbn parameters, which can be exploited by an attacker to execute arbitrary commands...
CVE-2025-25675
Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerability located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmdbuf variable, which is directly used in the doSystemCmd function, causing an arbitrary...