615 matches found
EUVD-2025-25196
Malicious code in bioql PyPI...
EUVD-2023-0909
Malicious code in bioql PyPI...
EUVD-2022-52273
Malicious code in bioql PyPI...
EUVD-2023-43239
Malicious code in bioql PyPI...
Tourism Management System 2.0 - Arbitrary Shell Upload
Exploit Title: Tourism Management System 2.0 - Arbitrary Shell Upload Date: 2025-10-09 Exploit Author: Debug Security Vendor Homepage: https://kodcloud.com/ Software Link: https://github.com/sohamjuhin/Tourism-Management-System Version: v2.0 Tested on: Windows 11, PHP 8.2.4, Apache 2.4.56 CVE:...
PT-2025-37763
Name of the Vulnerable Software and Affected Versions: FreePBX versions 17.0.19.11 through 17.0.20 Description: FreePBX is a web-based graphical user interface. Authenticated users of the Administrator Control Panel ACP can execute arbitrary shell commands by manipulating the framework module's...
CVE-2012-10046
The CVE-2012-10046 entry concerns the E-Mail Security Virtual Appliance (ESVA), tested on ESVA_2057, which contains an unauthenticated command-injection in the learn-msg.cgi CGI handler. The vulnerability stems from inadequate sanitization of user input in the id parameter, allowing arbitrary she...
CVE-2012-10046 E-Mail Security Virtual Appliance learn-msg.cgi Command Injection
The E-Mail Security Virtual Appliance ESVA tested on version ESVA2057 contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands...
PT-2025-31686 · Raidsonic · Ib-Nas5220 +1
Name of the Vulnerable Software and Affected Versions: Raidsonic NAS devices versions IB-NAS5220 and IB-NAS4220 Description: An OS command injection issue exists due to improper sanitization of user-supplied input. The timeHandler.cgi API endpoint is vulnerable, allowing remote attackers to injec...
Unauthorized Command Execution
github.com/filebrowser/filebrowser, is vulnerable to unauthorized command execution. The vulnerability is due to improper enforcement of scope restrictions on the Command Execution feature, which allows an attacker to execute arbitrary shell commands outside their assigned scope and gain...
CVE-2023-39517
Joplin is a free, open source note taking and to-do application. A Cross site scripting XSS vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer packages/renderer/htmlUtils.ts::sanitizeHtml preserves links. However,...
CVE-2023-38294
Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...
CVE-2022-30303
An improper neutralization of special elements used in an OS command ('OS Command Injection', CWE-78) in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests...
CVE-2022-46649
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device...
CVE-2019-8513
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to execute arbitrary shell commands...
PT-2025-31839
Name of the Vulnerable Software and Affected Versions: Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 Description: An unauthenticated OS command injection vulnerability exists in the device. When configuring the device in Extender mode via its captive portal, the extap2g SSID field is...
CVE-2022-37061
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...
Important: emacs
Issue Overview: A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. CVE-2025-1244 Affected Packages: emacs Issue...
CVE-2025-0593
The vulnerability may allow a remote low privileged attacker to run arbitrary shell commands by using lower-level functions to interact with the device...
SICK Lector8xx and SICK InspectorP8xx Security Vulnerability
SICK Lector8xx and SICK InspectorP8xx are both products of SICK Germany. SICK Lector8xx is a 2D laser scanning barcode reader. SICK InspectorP8xx is a high performance 2D laser scanning sensor. A security vulnerability exists in SICK InspectorP8xx versions prior to 3.11.1 and SICK Lector8xx version...