7617 matches found

RedhatCVE
added 2025/10/31 10:07 p.m., 2 views

CVE-2020-36856

Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...

CVSS 9.4, AI score 7.6, EPSS 0.00358
Exploits: 0, References: 1

EUVD
added 2025/10/31 12:30 a.m., 3 views

EUVD-2025-37213

Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful exploitatio...

CVSS 9.4, AI score 7.4, EPSS 0.00834
Exploits: 0, References: 4

OSV
added 2025/10/30 10:15 p.m., 0 views

CVE-2024-14008

Nagios XI versions prior to 2024R1.3.2 contain a remote command execution vulnerability in the WinRM Configuration Wizard. Insufficient validation of user-supplied input allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations...

CVSS 7.2, AI score 6
Exploits: 0, References: 3

CVE
added 2025/10/30 9:43 p.m., 10 views

CVE-2024-14008

Nagios XI prior to 2024R1.3.2 is affected by a remote command execution vulnerability in the WinRM Configuration Wizard. The issue stems from insufficient validation of user-supplied input, allowing an authenticated administrator to inject shell metacharacters into backend command invocations, re...

CVSS 9.4, AI score 6.8, EPSS 0.01351
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2025/10/30 9:30 p.m., 2 views

CVE-2020-36856 Nagios XI < 5.6.14 Authenticated RCE command_test.php via address

Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...

CVSS 9.4, AI score 7.2, EPSS 0.00358
Exploits: 0, References: 3

Cvelist
added 2025/10/30 9:30 p.m., 3 views

CVE-2025-34284 Nagios XI < 2024R2 Authenticated Command Injection via WinRM Plugin

Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful exploitatio...

CVSS 9.4, EPSS 0.00834
Exploits: 0, References: 3

Vulnrichment
added 2025/10/30 9:30 p.m., 2 views

CVE-2025-34284 Nagios XI < 2024R2 Authenticated Command Injection via WinRM Plugin

Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful exploitatio...

CVSS 9.4, AI score 7.5, EPSS 0.00834
Exploits: 0, References: 3

RedhatCVE
added 2025/10/30 12:12 a.m., 5 views

CVE-2025-61156

Incorrect access control in the kernel driver of ThreatFire System Monitor v4.7.0.53 allows attackers to escalate privileges and execute arbitrary commands via an insecure IOCTL...

CVSS 7.8, AI score 7.7, EPSS 0.0002
Exploits: 1, References: 1

CNNVD
added 2025/10/30 12:00 a.m., 4 views

Nagios XI Security Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2024R1.2, which stems from insufficient...

CVSS 9.4, AI score 7, EPSS 0.00834
Exploits: 0, References: 3

CVE
added 2025/10/29 12:00 a.m., 10 views

CVE-2025-61156

ThreatFire System Monitor, version 4.7.0.53, contains a kernel driver flaw with insecure IOCTL that allows privilege escalation and arbitrary command execution. The vulnerability is due to incorrect access control in the kernel driver. Documented impact: local attacker can escalate privileges and...

CVSS 7.8, AI score 7.3, EPSS 0.0002
Exploits: 1, References: 3

GithubExploit
added 2025/10/27 3:59 p.m., 173 views

Exploit for Code Injection in Exiftool_Project Exiftool

CVE-2021-22204 vulnerability: exiftool arbitrary command execution. Usage: 1. exploit...

CVSS 7.8, AI score 7.6, EPSS 0.92782
Exploits: 38

Tenable Nessus
added 2025/10/27 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-10230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or...

CVSS 10, AI score 6, EPSS 0.00486
Exploits: 2, References: 2

Tenable Nessus
added 2025/10/23 12:00 a.m., 3 views

Security Updates for Microsoft Word Products C2R (October 2025)

The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple remote code execution vulnerabilities that attackers can exploit to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for these issues but has instead...

CVSS 7.8, AI score 8.9, EPSS 0.00115
Exploits: 0, References: 3

RedhatCVE
added 2025/10/22 1:12 a.m., 5 views

CVE-2025-6542

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...

CVSS 9.8, AI score 7.3, EPSS 0.00146
Exploits: 0, References: 1

RedhatCVE
added 2025/10/22 1:12 a.m., 3 views

CVE-2025-6541

An arbitrary OS command may be executed on the product by the user who can log in to the web management interface...

CVSS 8.8, AI score 7.1, EPSS 0.0009
Exploits: 0, References: 1

Vulnrichment
added 2025/10/21 12:23 a.m., 3 views

CVE-2025-6542 OS command injection in multiple parameters

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...

CVSS 9.3, AI score 7, EPSS 0.00146
Exploits: 0, References: 4

CVE
added 2025/10/21 12:21 a.m., 24 views

CVE-2025-6541

CVE-2025-6541 affects TP-Link Omada gateway devices. The flaw allows command injection in the device OS via the web management interface, exploitable by an authenticated user to run arbitrary commands. Impact is high per CVSS. TP-Link issued firmware updates addressing this and similar flaws; use...

CVSS 8.8, AI score 6.7, EPSS 0.0009
Exploits: 0, References: 4, Affected Software: 1

CNNVD
added 2025/10/21 12:00 a.m., 5 views

ZOHO ManageEngine ADManager Plus Security Vulnerability

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...

CVSS 8.8, AI score 7.7, EPSS 0.02861
Exploits: 0, References: 1

CNVD
added 2025/10/21 12:00 a.m., 5 views

ZenML Input Validation Error Vulnerability

ZenML is an extensible open source MLOps framework from ZenML Open Source for creating portable, production-ready machine learning pipelines. An input validation error vulnerability exists in ZenML version 0.83.1, which stems from the failure of the PathMaterializer class to effectively detect...

CVSS 7.8, AI score 7.4, EPSS 0.0004
Exploits: 1, References: 1

CNVD
added 2025/10/17 12:00 a.m., 5 views

Centreon Command Injection Vulnerability (CNVD-2025-24650)

Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon suffers from a command injection vulnerability that stems from the application's failure to...

CVSS 7.2, AI score 7.8, EPSS 0.3233
Exploits: 2, References: 1