CVE-2019-12840

In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi...

CVE-2019-12569

A vulnerability in Viber before 10.7.0 for Desktop Windows could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow...

CVE-2019-12767

An issue was discovered on D-Link DAP-1650 devices before 1.04B02J65H Hot Fix. Attackers can execute arbitrary commands...

CVE-2019-12112

An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected...

CVE-2019-12839

In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration txtSendmailPath parameter that allows authenticated attackers to achieve arbitrary command execution...

CVE-2019-12392

Anviz access control devices allow remote attackers to issue commands without a password...

CVE-2019-12185

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the we...

CVE-2019-12725

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters...

CVE-2019-12868

app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP fileexists function is used with user-controlled entries, and phar:// URLs trigger deserialization...

CVE-2019-12132

An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected...

CVE-2019-12123

An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected...

CVE-2019-12811

ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to execute arbitrary command via the ShellOpen method. This can be leveraged for code execution...

CVE-2019-12585

Apcupsd 0.3.915, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsdstatus.php...

CVE-2019-12744

SeedDMS before 5.1.11 allows Remote Command Execution RCE because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940...

CVE-2019-12812

MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbitrary command via specifically crafted configuration file. This can be leveraged for code execution...

CVE-2025-1137

IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization...

CVE-2025-1951

IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges...

CVE-2025-1907

Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected...

CVE-2025-64419

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...

CVE-2025-61492

The CVE describes a command injection in terminal-controller-mcp 0.1.7, specifically in the execute_command function. Attackers can inject commands via crafted input to achieve arbitrary command execution, with the CVSSv3.1 scoring indicating network access, low attack complexity, and no privileg...