18 matches found
CVE-2026-48800
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::valueaNode Parameters.cpp:3658 in the feedUserCmds function and stored in UserCommand.cmd without any validation. When the user clicks the corresponding entry ...
EUVD-2006-6692
Malware in sbrugna...
EUVD-2020-19212
Malware in sbrugna...
EUVD-1999-0065
Malware in sbrugna...
EUVD-2022-26214
Malicious code in bioql PyPI...
EUVD-2024-40428
Malicious code in bioql PyPI...
CVE-2025-41684
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface endpoint tlsiotgensetting...
PT-2025-25188 · Weidmueller · Ie-Sr-2Tx-Wl +2
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers and gain arbitrary command execution with elevated...
CVE-2024-7764
Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. The vulnerability occurs when the generatesql function calls extractsql with the LLM response. An attacker can include a semi-colon between a search data fie...
CVE-2020-5242
openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file...
Mlflow Security Vulnerabilities
Mlflow is an open source platform for machine learning lifecycles. A security vulnerability exists in Mlflow. An attacker exploited the vulnerability to execute commands and access data and model information on a vulnerable computer...
CVE-2023-0164
OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function...
MGASA-2019-0032 Updated spice-vdagent package fixes security vulnerability
Improperly escaped save directory that is passed to the shell allows local attacker with access to the session the agent runs to inject arbitrary commands to be executed CVE-2017-15108...
sudo: Privilege escalation
Background sudo su “do” allows a system administrator to delegate authority to give certain users or groups of users the ability to run some or all commands as root or another user while providing an audit trail of the commands and their arguments. Description The fix present in...
Trillian 0.74 - Remote Denial of Service
Trillian 0.74 - Remote Denial of Service / -------------------------------------------- :::::::::::::::::: trillian 0.7d patch :::::Denial:of:Service::simple:exploit:: -----------------------------l0bstah----- usage :: : trillah name attacked-nick comment:: after patch .74d, exploits, wich use...
Upclient 5.0 b7 - Command Line Argument Buffer Overflow
// source: https://www.securityfocus.com/bid/7703/info upclient has been reported prone to a buffer overflow vulnerability when handling command line arguments of excessive length. It is possible for a local attacker to seize control of the vulnerable application and have malicious arbitrary code...
Qpopper 4.0.x - Remote Memory Corruption
// source: https://www.securityfocus.com/bid/7058/info A memory corruption vulnerability has been discovered in Qpopper version 4.0.4 and earlier. The vulnerability occurs when calling the 'mdef' command and a malicious macro name is supplied. By filling a target buffer with a malicious macro nam...
[SECURITY] [DSA 207-1] New tetex-lib packages fix arbitrary command execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 207-1 [email protected] http://www.debian.org/security/ Martin Schulze December 11th, 2002 http://www.debian.org/security/faq -...