90 matches found

OSV
added 2025/11/07 6:15 p.m. | views: 1

CVE-2025-63718

A SQL injection vulnerability exists in the SourceCodester PQMS Patient Queue Management System 1.0 in the apipatientschedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands...

CVSS 6.5 | AI score 6.1 | EPSS 0.00039
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | views: 3

EUVD-2019-6390

Malware in sbrugna...

CVSS 9.3 | AI score 8 | EPSS 0.00377
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | views: 2

EUVD-2019-9221

Malware in sbrugna...

CVSS 10 | AI score 9.2 | EPSS 0.00453
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | views: 2

EUVD-2021-2472

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.01227
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | views: 2

EUVD-2019-6856

Malware in sbrugna...

CVSS 6.6 | AI score 6.6 | EPSS 0.00179
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | views: 3

EUVD-2020-26915

Malware in sbrugna...

CVSS 9 | AI score 8.6 | EPSS 0.01302
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | views: 2

EUVD-2022-29878

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.4 | EPSS 0.0446
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | views: 1

EUVD-2022-38718

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.7 | EPSS 0.03866
Exploits: 0 | References: 1

RedhatCVE
added 2025/08/07 12:31 a.m. | views: 7

CVE-2025-50688

A command injection vulnerability exists in TwistedWeb version 14.0.0 due to improper input sanitization in the file upload functionality. An attacker can exploit this vulnerability by sending a specially crafted HTTP PUT request to upload a malicious file, e.g., a reverse shell script. Once...

CVSS 6.5 | AI score 8.1 | EPSS 0.00845
Exploits: 1 | References: 1

Cvelist
added 2025/07/15 8:48 p.m. | views: 5

CVE-2025-53905 Vim has path traversal issue with tar.vim and specially crafted tar files

Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successful...

CVSS 4.1 | EPSS 0.00074
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/23 8:5 a.m. | views: 6

CVE-2024-51254

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the signcacertificate function...

CVSS 8.8 | AI score 7.7 | EPSS 0.00098
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:52 a.m. | views: 9

CVE-2023-33486

TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter...

CVSS 9.8 | AI score 7.8 | EPSS 0.01015
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 8:10 p.m. | views: 3

CVE-2021-38611

A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php...

CVSS 10 | AI score 7.6 | EPSS 0.03684
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 10:20 a.m. | views: 12

CVE-2019-15343

The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.8. This app contains an exported service named...

CVSS 7.8 | AI score 7.1 | EPSS 0.00132
Exploits: 0 | References: 1

CVE
added 2025/05/01 12:0 a.m. | views: 54

CVE-2025-44839

CVE-2025-44839 affects TOTOLINK CA600-PoE (V5.3c.6665_B20180820). The CloudSrvUserdataVersionCheck function is vulnerable to command injection via the magicid parameter, allowing arbitrary commands through a crafted request. Root cause: insufficient filtering of constructed command characters in ...

CVSS 6.5 | AI score 8.3 | EPSS 0.08913
Exploits: 1 | References: 1 | Affected Software: 1

Tenable Nessus
added 2025/03/05 12:0 a.m. | views: 9

Linux Distros Unpatched Vulnerability : CVE-2022-24803

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Asciidoctor-include-ext is Asciidoctor's standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied...

CVSS 10 | AI score 7.5 | EPSS 0.01055
Exploits: 1 | References: 3

RedhatCVE
added 2025/02/14 3:38 a.m. | views: 8

CVE-2024-33806

A SQL injection vulnerability in /model/getgrade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...

CVSS 9.8 | AI score 8.5 | EPSS 0.00255
Exploits: 1 | References: 1

OSV
added 2024/12/23 8:38 p.m. | views: 8

GHSA-CCQV-43VM-4F3W Gogs allows deletion of internal files

Impact: Unprivileged user accounts can execute arbitrary commands on the Gogs instance with the privileges of the account specified by RUNUSER in the configuration. It allows attackers to access and alter any users' code hosted on the same instance. Patches: Deletion of .git files has been prohibit...

CVSS 9.9 | AI score 9.8 | EPSS 0.07233
Exploits: 0 | References: 4

NVD
added 2024/11/21 11:15 a.m. | views: 18

CVE-2024-11320

Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4...

CVSS 9.8 | EPSS 0.92623
Exploits: 2 | References: 1

NVD
added 2024/05/22 11:15 p.m. | views: 14

CVE-2024-22026

A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance...

CVSS 6.7 | AI score 7 | EPSS 0.00152
Exploits: 1 | References: 1