CVE-2019-12767

An issue was discovered on D-Link DAP-1650 devices before 1.04B02J65H Hot Fix. Attackers can execute arbitrary commands...

CVE-2019-12585

Apcupsd 0.3.915, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsdstatus.php...

CVE-2025-61492

The CVE describes a command injection in terminal-controller-mcp 0.1.7, specifically in the execute_command function. Attackers can inject commands via crafted input to achieve arbitrary command execution, with the CVSSv3.1 scoring indicating network access, low attack complexity, and no privileg...

Kieback&Peter Neutrino-GLT 操作系统命令注入漏洞

Kieback&Peter Neutrino-GLT is a building management system from Kieback&Peter, Germany. Kieback&Peter Neutrino-GLT suffers from an operating system command injection vulnerability that stems from a shell command injection in the web component SM70 PHWEB login form, which could lead to the executi...

Passy 安全漏洞

Passy is a physical access management platform from Passy, an Italian company. A security vulnerability exists in Passy version 1.6.3 that originates from a specially crafted HTTP request and could lead to the execution of arbitrary commands...

PT-2026-4295

Name of the Vulnerable Software and Affected Versions Incus versions 6.21.0 and below IncusOS affected versions not specified Description Incus is a system container and virtual machine manager. A flaw exists where a user capable of launching containers with custom images e.g., a member of the...

CVE-2025-68700

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.23.0, a low-privileged authenticated user normal login account can execute arbitrary system commands on the server host process via the frontend Canvas CodeExec component, completely bypassing sandbox...

CVE-2015-10145

Gargoyle router management utility versions 1.5.x expose an authenticated OS command execution vulnerability in /utility/run_commands.sh due to improper validation of the commands parameter. An authenticated attacker can execute arbitrary shell commands on the device, potentially leading to full ...

CVE-2025-68668 n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands...

CVE-2025-68668 n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands...

CVE-2025-68668 n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands...

CVE-2025-68668

CVE-2025-68668 affects n8n 1.x (1.0.0 up to

GHSA-62R4-HW23-CC8V n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

Impact A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process...

n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

Impact A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process...

EUVD-2025-205454

n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node...

CVE-2025-25364

A command injection vulnerability in the me.connectify.SMJobBlessHelper XPC service of Speedify VPN up to v15.0.0 allows attackers to execute arbitrary commands with root-level privileges...

Advantech WebAccess/SCADA SQL Injection Vulnerability

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. An SQL injection vulnerability exists in...

TencentOS Server 4: edk2 (TSSA-2025:0967)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0967 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVE-2025-11542

Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs...

CVE-2025-11542

Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs...