CVE-2026-5208 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in coolercontrold

Command injection in alerts in CoolerControl/coolercontrold 4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names...

EUVD-2026-19918

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Inside the reusable workflow dbt-labs/actions/blob/main/.github/workflows/open-issue-in-repo.yml, the prep job uses peter-evans/find-comment to search for an...

CVE-2026-25063

CVE-2026-25063 affects the gradle-completion project (Bash and Zsh completion for Gradle). The issue is a command injection in the Bash completion logic up to and including version 9.3.0, where Gradle task names or descriptions containing backticks can be evaluated as shell commands during Bash t...

VulnCheck KEV: CVE-2020-11963

IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configurati...

CVE-2024-58294

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to...

CVE-2024-58294

CVE-2024-58294 affects FreePBX 16. An authenticated remote code execution vulnerability exists in the API module, exploitable by crafting malicious POST requests to the generatedocs endpoint with bash command injection to gain remote shell access. This is documented across multiple sources (NVD, ...

PT-2025-50748

Name of the Vulnerable Software and Affected Versions FreePBX version 16 Description FreePBX version 16 contains an authenticated remote code execution issue in the API module. An attacker with valid session credentials can execute arbitrary commands. The issue is exploitable through the...

EUVD-2020-20049

Malware in sbrugna...

GHSA-CXM3-WV7P-598C Malicious versions of Nx were published

Summary Malicious versions of the nx package, as well as some supporting plugin packages, were published to npm, containing code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts. Immediate Actions Required For all users, check if you were...

CVE-2020-11963

IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configurati...

NetIQ Advanced Authentication 安全漏洞

NetIQ Advanced Authentication is an application from NetIQ UK. It provides a more secure way to protect your sensitive information by moving away from usernames and passwords. A command execution vulnerability exists in NetIQ Advanced Authentication versions prior to 6.3.5.1, which can be exploit...

CVE-2023-31446

In Cassia Gateway firmware XC10002.1.1.2303082218 and XC20002.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup...

CVE-2023-31465

An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named argx, with x an integer starting from 1; it is possible t...

Exploit for Incorrect Default Permissions in Askey Rtf3505Vw-N1_Firmware

Privilege-escalation-ASKEY-Router-RTF3505VW-N1 CVE-2022-47040...

CVE-2020-27540

Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run...

CVE-2020-27542

Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code including network settings. The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command without...

CVE-2020-27540

Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run...

Design/Logic Flaw

Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run...

Rostelecom CS-CSHW Command Injection Vulnerability

A security vulnerability exists in Rostelecom CS-C2SHW 5.0.082.1, which can be exploited by an attacker for bash injection...

CVE-2020-27540

Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run...