7632 matches found

CNNVD
added 2025/01/10 12:0 a.m. · 3 views

Linksys E7350 Security Vulnerability

The Linksys E7350 is a wireless router device from Leadsys. A security vulnerability exists in the handling of the ifname parameter in the Linksys E7350 apcli_do_enr_pin_wps function, which can be exploited by a remote attacker to submit a special request that can be used in the application context t...

9.8 CVSS · 9.2 AI score · 0.01645 EPSS
Exploits: 1 · References: 1

CNNVD
added 2025/01/09 12:0 a.m. · 3 views

iocharger Security Vulnerability

iocharger is an electric vehicle charging and smart energy management solution from the Chinese company Galaxy Zhangtan iocharger. iocharger suffers from a command injection vulnerability that stems from the application's failure to properly filter constructed command special characters, commands...

9.3 CVSS · 7.8 AI score · 0.01192 EPSS
Exploits: 0 · References: 3

CVE
added 2025/01/08 12:0 a.m. · 56 views

CVE-2024-51442

CVE-2024-51442 affects Minidlna v1.3.3 and earlier. It enables command injection by processing a crafted minidlna.conf, allowing arbitrary OS commands to be executed remotely (network attack, low complexity, no privileges, user interaction required). According to connected NASL/Nessus data, patch...

8.8 CVSS · 8 AI score · 0.02232 EPSS
Exploits: 0 · References: 4

Tenable Nessus
added 2025/01/08 12:0 a.m. · 7 views

LangChain < 0.2.9 Vulnerability - CVE-2024-5998

The version of LangChain installed on the remote host is prior to 0.2.9. It is, therefore, affected by a deserialization vulnerability in the FAISS.deserialize_from_bytes function. This can lead to the execution of arbitrary commands via the os.system function. Note that Nessus has not tested for...

7.8 CVSS · 6.5 AI score · 0.00359 EPSS
Exploits: 1 · References: 3

NVD
added 2025/01/07 3:15 p.m. · 6 views

CVE-2024-11681

A malicious or compromised MacPorts mirror can execute arbitrary commands as root on the machine of a client running port selfupdate against the mirror...

6.9 CVSS · 0.00451 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2025/01/07 12:0 a.m. · 5 views

PT-2025-1678 · Macports · Macports

Name of the Vulnerable Software and Affected Versions: MacPorts affected versions not specified Description: A malicious or compromised MacPorts mirror can execute arbitrary commands as root on the machine of a client running port selfupdate against the mirror. Recommendations: At the moment, the...

6.9 CVSS · 7.1 AI score · 0.00451 EPSS
Exploits: 1 · References: 5

OSV
added 2025/01/06 10:15 p.m. · 1 views

CVE-2021-27285

An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell...

8.4 CVSS · 6 AI score · 0.00347 EPSS
Exploits: 1 · References: 1

NVD
added 2025/01/06 10:15 p.m. · 10 views

CVE-2021-27285

An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell...

8.4 CVSS · 0.00347 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2025/01/06 12:0 a.m. · 6 views

CVE-2021-27285

An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell...

7.9 AI score · 0.00347 EPSS
Exploits: 1 · References: 1

CVE
added 2025/01/06 12:0 a.m. · 55 views

CVE-2021-27285

CVE-2021-27285 affects Inspur ClusterEngine v4.0. The issue allows attackers to gain escalated local privileges and execute arbitrary commands via the binary path /opt/tsce4/torque6/bin/getJobsByShell. The Red Hat and NVD entries corroborate the same description across multiple vendors, with no p...

8.4 CVSS · 7.7 AI score · 0.00347 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

NVD
added 2025/01/02 10:15 a.m. · 8 views

CVE-2024-13062

An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information...

7.2 CVSS · 0.00966 EPSS
Exploits: 0 · References: 1

Cvelist
added 2025/01/02 9:9 a.m. · 11 views

CVE-2024-13062

An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information...

7.2 CVSS · 0.00966 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/01/02 9:5 a.m. · 5 views

CVE-2024-12912

An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information...

7.2 CVSS · 7.2 AI score · 0.01217 EPSS
Exploits: 1 · References: 1

CVE
added 2025/01/02 9:5 a.m. · 83 views

CVE-2024-12912

CVE-2024-12912 describes an improper input insertion vulnerability in ASUS AiCloud on certain router models that may lead to arbitrary command execution. The vulnerability is documented with a network attack vector, requiring high privileges and no user interaction, and it has a high impact on co...

7.2 CVSS · 7.2 AI score · 0.01217 EPSS
In wild · Exploits: 1 · References: 1

Positive Technologies
added 2025/01/02 12:0 a.m. · 3 views

PT-2025-1262 · Asus · Asus Router Aicloud

Name of the Vulnerable Software and Affected Versions: ASUS Router AiCloud affected versions not specified Description: An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution. The vulnerability is related to the lack o...

9 CVSS · 9.6 AI score · 0.00966 EPSS
Exploits: 0 · References: 23

CNNVD
added 2025/01/02 12:0 a.m. · 11 views

ASUS AiCloud Security Vulnerability

ASUS AiCloud is a router control program from Asus China. A security vulnerability exists in ASUS AiCloud that stems from the presence of incorrect input insertion, which could lead to arbitrary command execution...

7.2 CVSS · 9 AI score · 0.01217 EPSS
Exploits: 1 · References: 1

NVD
added 2024/12/31 11:15 p.m. · 8 views

CVE-2024-56803

Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...

5.1 CVSS · 0.00525 EPSS
Exploits: 0 · References: 2

CVE
added 2024/12/31 10:48 p.m. · 45 views

CVE-2024-56803

Ghostty is a cross‑platform terminal emulator. In version 1.0.0, it improperly handles a specific window-title escape sequence, allowing an attacker to modify the window title and then insert it back into the command line, potentially enabling arbitrary command execution when a user views a file ...

5.1 CVSS · 7.5 AI score · 0.00525 EPSS
Exploits: 0 · References: 2

OSV
added 2024/12/31 10:48 p.m. · 2 views

CVE-2024-56803 Ghostty improperly handles window title sequences which can lead to arbitrary command execution

Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...

5.1 CVSS · 7.4 AI score · 0.00525 EPSS
Exploits: 0 · References: 4

Github Security Blog
added 2024/12/31 3:30 p.m. · 10 views

OpenShift Hive RCE through AWS/Kubernetes client configuration leads to privilege escalation

A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod...

8.8 CVSS · 7.2 AI score · 0.00474 EPSS
Exploits: 0 · References: 6 · Affected Software: 1