
46 matches found

F5 Networks
added 2026/05/13 1:15 p.m., 5 views

K000160857: Appliance mode iControl REST vulnerability CVE-2026-34176

Security Advisory Description: When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. CVE-2026-34176. Impact: In Appliance mode, this...

8.7 CVSS, 5.9 AI score, 0.00173 EPSS
Exploits: 0, Affected Software: 30

NVD
added 2026/05/05 12:16 p.m., 6 views

CVE-2023-54344

Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in...

9.8 CVSS, 0.00199 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/04/16 12:0 a.m., 0 views

PT-2026-33357

Name of the Vulnerable Software and Affected Versions: Snowflake Cortex Code CLI versions prior to 1.0.25. Description: Improper validation of bash commands allows subsequent commands to execute outside the sandbox. An attacker can embed specially crafted commands in untrusted content, such as a...

8.3 CVSS, 6.5 AI score, 0.00055 EPSS
Exploits: 0, References: 5

EUVD
added 2026/04/08 12:31 p.m., 0 views

EUVD-2026-20455

Command injection in alerts in CoolerControl/coolercontrold 4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names...

8.2 CVSS, 6.3 AI score, 0.0036 EPSS
Exploits: 0, References: 3

ATTACKERKB
added 2026/04/08 11:36 a.m., 1 views

CVE-2026-5208

Command injection in alerts in CoolerControl/coolercontrold 4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names...

8.2 CVSS, 6.3 AI score, 0.0036 EPSS
Exploits: 0, References: 3, Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-27863

Malicious code in bioql PyPI...

7.2 CVSS, 6.9 AI score, 0.00432 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 3:19 a.m., 1 views

CVE-2023-23777

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters...

7.2 CVSS, 7.7 AI score, 0.00432 EPSS
Exploits: 0, References: 1

Imperva Blog
added 2025/01/21 9:1 p.m., 19 views

Imperva Protects Against the Exploited CVEs in the Cleo Data Theft Attacks

The Clop ransomware group has once again demonstrated its ability to exploit vulnerabilities to compromise sensitive systems. As Cleo—a managed file transfer provider for businesses—grapples with the aftermath of Clop’s targeted attack on their systems, the spotlight turns to CVE-2024-50623 and...

9.8 CVSS, 9.1 AI score, 0.94378 EPSS
Exploits: 34

CNNVD
added 2024/12/13 12:0 a.m., 1 views

Security vulnerability in multiple Cleo products

Cleo LexiCom and others are products of Cleo Corporation. Cleo LexiCom is an integration platform. Cleo Harmony is a file integration solution. Cleo VLTrader is a secure hosted file transfer software. A security vulnerability exists in various Cleo products that originates from the ability of an...

9.8 CVSS, 9.8 AI score, 0.89138 EPSS
Exploits: 4, References: 3

Cvelist
added 2024/12/13 12:0 a.m., 15 views

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...

0.89138 EPSS
Exploits: 4, References: 1

Positive Technologies
added 2024/09/20 12:0 a.m., 3 views

PT-2024-41084 · Iptables · Iptables

Name of the Vulnerable Software and Affected Versions: iptables affected versions not specified Description: The issue is related to insecure privilege management in the iptables utility for configuring and managing packet filtering rules in the Linux operating system. Exploitation of this issue...

6.8 CVSS, 8.1 AI score
Exploits: 0, References: 2

F5 Networks
added 2024/02/14 1:33 p.m., 30 views

K000137522: BIG-IP iControl REST vulnerability CVE-2024-22093

Security Advisory Description: When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. CVE-2024-22093. Impact: This...

8.7 CVSS, 8.8 AI score, 0.00323 EPSS
Exploits: 0, Affected Software: 34

GithubExploit
added 2024/01/26 9:35 a.m., 337 views

Exploit for CVE-2023-47400

CVE-2023-47400 Proof of Concept for the CVE-2023-47400 Aut...

8.9 AI score
Exploits: 1

OSV
added 2023/07/11 9:15 a.m., 1 views

CVE-2023-23777

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters...

7.2 CVSS, 6 AI score
Exploits: 0, References: 1

Prion
added 2023/07/11 9:15 a.m., 14 views

Command injection

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters...

5.8 CVSS, 7.3 AI score, 0.00432 EPSS
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2023/07/11 8:49 a.m., 14 views

CVE-2023-23777

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters...

7.2 CVSS, 7.8 AI score, 0.00432 EPSS
Exploits: 0, References: 1

Cvelist
added 2023/07/11 8:49 a.m., 15 views

CVE-2023-23777

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters...

7.2 CVSS, 7.6 AI score, 0.00432 EPSS
Exploits: 0, References: 1

CNNVD
added 2023/07/11 12:0 a.m., 1 views

Fortinet FortiWeb OS command injection vulnerability

Fortinet FortiWeb is a web application layer firewall from the U.S. company Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content...

7.2 CVSS, 8.1 AI score, 0.00432 EPSS
Exploits: 0, References: 2

CNNVD
added 2023/05/22 12:0 a.m., 1 views

KaiOS command injection vulnerability

KaiOS is application software for smart feature phones. A security vulnerability exists in KaiOS version 3.0 prior to KaiOS 3.1, which stems from the server accepting arbitrary Bash commands and executing them as root, which can be exploited by an attacker to compromise the system...

9.8 CVSS, 8.6 AI score, 0.00717 EPSS
Exploits: 1, References: 2

Cvelist
added 2023/05/22 12:0 a.m., 12 views

CVE-2023-33294

An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...

9.4 AI score, 0.00717 EPSS
Exploits: 1, References: 1