1440 matches found
CVE-2024-51257
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doCertificate function...
CVE-2024-42898
A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page...
CVE-2021-21882
An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2020-7497
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause arbitrary application execution when the computer starts...
CVE-2020-5752
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges...
CVE-2020-9647
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (DOM-based) vulnerability. Successful exploitation could lead to arbitrary JavaScript execution in the browser...
CVE-2020-19709
Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web or HTML via a crafted payload...
CVE-2020-19265
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...
CVE-2018-21244
An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029...
CVE-2013-0150
Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execut...
CVE-2010-1517
The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to (1) download arbitrary programs onto a client system, and execute these programs, via vectors involving the dl method; and (2) download arbitrary programs onto a client system via vectors involving the SetDLInfo method in...
CVE-2017-1000220
soyuka/pidusage =1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution...
CVE-2015-3173
custom-content-type-manager WordPress plugin can be used by an administrator to achieve arbitrary PHP remote code execution...
CVE-2005-3056
TWiki allows arbitrary shell command execution via the Include function...
CVE-2025-48119 WordPress RS WP Book Showcase plugin <= 6.7.59 - Content Injection vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase (rs-wp-books-showcase) allows Code Injection. This issue affects RS WP Book Showcase: from n/a through <= 6.7.59...
CVE-2025-29688
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java...
CVE-2024-10075 Jetpack < 13.8 - Unauthenticated Arbitrary Block & Shortcode Execution
The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block...
CVE-2025-29691
CVE-2025-29691 affects OA System prior to v2025.01.01. The vulnerability is a cross-site scripting (XSS) issue in the login flow, triggered by crafting payloads injected into the userName parameter in /login/LoginsController.java. Documented impact is arbitrary web scripts/HTML execution. A patch...
The vulnerability of the IBM Verify Identity Access system (formerly IBM Security Verify Access) relates to improper code generation, allowing a perpetrator to execute arbitrary code.
The vulnerability of the IBM Verify Identity Access system (formerly IBM Security Verify Access) is related to improper code generation. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code...
CVE-2025-43843
Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables expdir1, np7 and f0method8 take user input and pass it into the extractf0feature function, which concatenates them into a command th...