1445 matches found
PT-2026-20983
Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.6.8 Description A command injection issue exists in Deno's node:child process implementation. The issue allows for arbitrary command execution through crafted input provided to the spawnSync function when the shell...
GO-2026-4493 Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC in github.com/yokecd/yoke
Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC in github.com/yokecd/yoke...
CVE-2026-1046
Mattermost Desktop App versions
PT-2026-8017
Name of the Vulnerable Software and Affected Versions MojoPortal CMS version 2.9.0.1 Description A zip slip vulnerability exists in the /DesignTools/SkinList.aspx API endpoint of the software. This allows attackers to execute arbitrary commands by uploading a specially crafted zip file. The zip...
TOTOLINK WA300 OS Command Injection Vulnerability
TOTOLINK WA300 is a wireless access point from China Gion Electronics TOTOLINK. The TOTOLINK WA300 suffers from an operating system command injection vulnerability that originates from the parameter Ipaddr in the file /cgi-bin/cstecgi.cgi failing to correctly filter constructed command special...
OpenSTAManager 操作系统命令注入漏洞
OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager 2.9.8 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the P7M file decoding function’s...
Dokploy operating system command injection vulnerability
Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.6 contained a vulnerability related to operating system command injection. This vulnerability stemmed from command injection in the WebSocket endpoint/docker-container-terminal, which could allow for...
Command injection vulnerability in ASUS routers
Overview Multiple routers provided by ASUSTeK COMPUTER INC. contain command injection vulnerability in AiCloud. Command injection CWE-77 - CVE-2025-2492 NICTER Analysis Team of Cybersecurity Research Institute, National Institute of Information and Communications Technology reported this...
PT-2026-3888
Name of the Vulnerable Software and Affected Versions AES affected versions not specified Description AES contains a SQL injection issue because of an inactive configuration that bypasses the latest SQL parsing logic. Without this configuration enabled, specially crafted input can be mishandled,...
Ruijie AP180 Series Operating System Command Injection Vulnerability
The Ruijie AP180 Series is a series of panel-type wireless access points produced by the Chinese company Ruijie. Previous versions of the Ruijie AP180 Series, including those with model number 11.94B1P8, had a vulnerability related to operating system command injection. This vulnerability stems...
Orval has a code injection via unsanitized x-enum-descriptions in enum generation
Impact Arbitrary code execution in environments consuming generated clients This issue is similar in nature to the recently-patched MCP vulnerability CVE-2026-22785, but affects a different code path in @orval/core that was not addressed by that fix. The vulnerability allows untrusted OpenAPI...
CVE-2026-23836
HotCRP is conference review software. A problem introduced in April 2024 in version 3.1 led to inadequately sanitized code generation for HotCRP formulas which allowed users to trigger the execution of arbitrary PHP code. The problem is patched in release version 3.2...
WordPress FluentForm plugin <= 6.1.11 - Arbitrary Shortcode Execution vulnerability
Arbitrary Shortcode Execution vulnerability discovered by Kishan Vyas in WordPress Plugin FluentForm versions = 6.1.11...
HPE AOS 安全漏洞
HPE AOS is an operating system from HPE, USA. A security vulnerability exists in HPE AOS 8 that stems from a command injection vulnerability in the web-based management interface that could lead to the execution of arbitrary commands...
CVE-2022-35509
An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information...
CVE-2019-20610
An issue was discovered on Samsung mobile devices with N7.X and O8.X Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 April 2019...
CVE-2013-6127
The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the...
Selea CarPlateServer 访问控制错误漏洞
Selea CarPlateServer is a car plate recognition software from Selea, Italy. An access control error vulnerability exists in Selea CarPlateServer version 4.0.1.6, which originates from the ability to bypass authentication by manipulating the NOLISTEXEPATH configuration parameter, which could lead ...
CVE-2025-46268
Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands...
CVE-2025-60068
CVE-2025-60068 is a WordPress plugin vulnerability in Javo Core (WordPress plugin) that allows arbitrary code execution due to improper control over code generation (code injection). Affected version range: Javo Core up to