
26 matches found

Positive Technologies
added 2026/05/06 12:0 a.m. | 4 views

PT-2026-38264

Name of the Vulnerable Software and Affected Versions: DevSpace versions prior to 6.3.21. Description: The UI server WebSocket accepts connections from all origins by default, exposing several endpoints. A malicious website visited by a developer using a browser can establish a cross-origin WebSocke...

CVSS 7.7 | AI score 5.9 | EPSS 0.00005
Exploits: 0 | References: 4

RedhatCVE
added 2026/02/22 1:27 a.m. | 0 views

CVE-2019-25441

thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the runcommand endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on...

CVSS 9.8 | AI score 6.3 | EPSS 0.0621
Exploits: 1 | References: 1

OSV
added 2026/02/20 11:16 p.m. | 0 views

CVE-2019-25441

thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the runcommand endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on...

CVSS 9.8 | AI score 6.3
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/20 10:56 p.m. | 4 views

CVE-2019-25447 OrientDB 3.0.17 Cross-Site Request Forgery

OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...

CVSS 5.3 | AI score 5.1 | EPSS 0.00018
Exploits: 1 | References: 3

CVE
added 2026/02/20 10:56 p.m. | 6 views

CVE-2019-25447

CVE-2019-25447 concerns OrientDB 3.0.17 GA Community Edition. The connected sources describe cross-site request forgery vulnerabilities that allow an attacker to perform unauthorized actions by crafting requests to endpoints such as /database/, /command/, and /document/. Attackers can create or d...

CVSS 5.3 | AI score 5.2 | EPSS 0.00018
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2026/02/20 10:56 p.m. | 19 views

CVE-2019-25447 OrientDB 3.0.17 Cross-Site Request Forgery

OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...

CVSS 5.3 | EPSS 0.00018
Exploits: 1 | References: 3

CVE
added 2026/02/20 10:54 p.m. | 10 views

CVE-2019-25441

The CVE-2019-25441 entry concerns thesystem 1.0, where an unauthenticated attacker can trigger a command injection via the run_command endpoint. The vulnerability allows posting shell commands in the command parameter to execute arbitrary system commands on the server. Impact is described as HIGH...

CVSS 9.8 | AI score 6.3 | EPSS 0.0621
Exploits: 1 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/02/20 12:0 a.m. | 2 views

PT-2026-21316

🚨 CVE-2019-25441 thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute...

CVSS 9.8 | AI score 6.3 | EPSS 0.0621
Exploits: 1 | References: 6

CNNVD
added 2026/02/20 12:0 a.m. | 4 views

thesystem operating system command injection vulnerability

thesystem is a password management project developed by Kostas Mitroglou. Version 1.0 of thesystem contains a vulnerability related to operating system command injection. This vulnerability stems from the runcommand endpoint, which allows for command injection, potentially enabling unverified...

CVSS 9.8 | AI score 6.1 | EPSS 0.0621
Exploits: 1 | References: 3

CNNVD
added 2026/01/28 12:0 a.m. | 2 views

Flexense Sync Breeze Enterprise Server and Flexense Disk Pulse Enterprise have cross-site scripting vulnerabilities

Flexense Sync Breeze Enterprise Server and Flexense Disk Pulse Enterprise are both products of Flexense Corporation. Flexense Sync Breeze Enterprise Server is a network file synchronization software. Flexense Disk Pulse Enterprise is a real-time file system monitoring software. Both the Flexense...

CVSS 5.4 | AI score 5.7 | EPSS 0.00016
Exploits: 0 | References: 1

CNNVD
added 2026/01/28 12:0 a.m. | 1 view

Flexense Sync Breeze Enterprise Server and Flexense Disk Pulse Enterprise have cross-site scripting vulnerabilities

Flexense Sync Breeze Enterprise Server and Flexense Disk Pulse Enterprise are both products of Flexense Corporation. Flexense Sync Breeze Enterprise Server is a network file synchronization software. Flexense Disk Pulse Enterprise is a real-time file system monitoring software. Both the Flexense...

CVSS 5.4 | AI score 5.7 | EPSS 0.00016
Exploits: 0 | References: 1

NVD
added 2026/01/21 6:16 p.m. | 1 view

CVE-2021-47851

Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary commands through an unauthenticated HTTP endpoint. Attackers can leverage the /op=command endpoint to download and execute payloads by sending crafted JSON requests with malicious script...

CVSS 9.8 | EPSS 0.00903
Exploits: 1 | References: 3

Cvelist
added 2026/01/21 5:27 p.m. | 13 views

CVE-2021-47851 Mini Mouse 9.2.0 - Remote Code Execution

Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary commands through an unauthenticated HTTP endpoint. Attackers can leverage the /op=command endpoint to download and execute payloads by sending crafted JSON requests with malicious script...

CVSS 9.8 | EPSS 0.00903
Exploits: 1 | References: 3

EUVD
added 2026/01/21 5:27 p.m. | 2 views

EUVD-2026-3609

Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary commands through an unauthenticated HTTP endpoint. Attackers can leverage the /op=command endpoint to download and execute payloads by sending crafted JSON requests with malicious script...

CVSS 9.8 | AI score 6.8 | EPSS 0.00903
Exploits: 1 | References: 4

ATTACKERKB
added 2026/01/21 5:27 p.m. | 2 views

CVE-2021-47851

Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary commands through an unauthenticated HTTP endpoint. Attackers can leverage the /op=command endpoint to download and execute payloads by sending crafted JSON requests with malicious script...

CVSS 9.8 | AI score 6.7 | EPSS 0.00903
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2026/01/21 5:27 p.m. | 4 views

CVE-2021-47851

Mini Mouse 9.2.0 is affected by a remote code execution vulnerability exposed via an unauthenticated HTTP endpoint. The issue allows an attacker to download and execute payloads by sending crafted JSON to /op=command, resulting in arbitrary command execution with network access and high confident...

CVSS 9.8 | AI score 6.8 | EPSS 0.00903
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/01/21 5:27 p.m. | 2 views

CVE-2021-47851 Mini Mouse 9.2.0 - Remote Code Execution

Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary commands through an unauthenticated HTTP endpoint. Attackers can leverage the /op=command endpoint to download and execute payloads by sending crafted JSON requests with malicious script...

CVSS 9.8 | AI score 6.8 | EPSS 0.00903
Exploits: 1 | References: 3

Positive Technologies
added 2026/01/21 12:0 a.m. | 1 view

PT-2026-3804

Name of the Vulnerable Software and Affected Versions: Mini Mouse version 9.2.0. Description: The software contains a remote code execution issue that allows attackers to execute arbitrary commands. This is possible through an unauthenticated HTTP endpoint, specifically the /op=command endpoint...

CVSS 9.8 | AI score 6.7 | EPSS 0.00903
Exploits: 1 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-28866

Malicious code in bioql PyPI...

CVSS 5.8 | AI score 5 | EPSS 0.01079
Exploits: 1 | References: 6

NVD
added 2025/08/14 2:15 p.m. | 3 views

CVE-2025-43984

An issue was discovered on KuWFi GC111 devices Hardware Version: CPE-LM321V3.2, Software Version: GC111-GL-LM321V3.020191211. They are vulnerable to unauthenticated /goform/goformsetcmdprocess requests. A crafted POST request, using the SSID parameter, allows remote attackers to execute arbitrary...

CVSS 9.8 | EPSS 0.00885
Exploits: 0 | References: 4