44987 matches found
CVE-2025-52600
CVE-2025-52600 affects Hanwha Vision cameras; vulnerability in camera video analytics due to improper input validation could allow a remote attacker to execute commands on the host PC. Patch firmware has been released by the manufacturer. Connected Nessus/NVD entries reiterate the same descriptio...
Hanwha Vision Camera 安全漏洞
Hanwha Vision Camera is a series of cameras from Hanwha Vision, a South Korean company. A security vulnerability exists in Hanwha Vision Camera that stems from improper input validation in the camera's video analytics, which could lead to an attacker executing specific commands on the user's host...
PT-2025-53446
Name of the Vulnerable Software and Affected Versions Camera Video Analytics Software affected versions not specified Description A flaw exists in camera video analytics software related to improper input validation. This could allow an attacker to execute commands on a user’s host PC...
Malicious code in bettermode-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ade97c888752f20137524d28c5b49359ed4187da5edcecb60ead623f40aba3c The package bettermode-common was found to contain malicious code. Source: ghsa-malware...
CVE-2025-3232
A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands...
CVE-2019-25257 LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation
LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command,...
CVE-2019-25257 LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation
LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command,...
CVE-2019-25243 FaceSentry 6.4.8 Authenticated Remote Command Injection via Ping Test
FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort'...
CVE-2018-25135 Anviz AIM CrossChex Standard 4.3.6.0 CSV Injection via User Import
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing...
CVE-2018-25135 Anviz AIM CrossChex Standard 4.3.6.0 CSV Injection via User Import
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing...
riello-multiple-vulnerabilities-2025
Riello UPS with NetMan 208 - Vulnerability Disclosure During...
CVE-2025-25364
A command injection vulnerability in the me.connectify.SMJobBlessHelper XPC service of Speedify VPN up to v15.0.0 allows attackers to execute arbitrary commands with root-level privileges...
Microhard Systems IPn4G 安全漏洞
Microhard Systems IPn4G is a cellular wireless gateway from Microhard Canada. A security vulnerability exists in Microhard Systems IPn4G version 1.1.0 that originates from a restricted shell that can be escaped via a customized ping command, which could result in the execution of commands with ro...
PT-2025-53343
Name of the Vulnerable Software and Affected Versions LogicalDOC Enterprise version 7.7.4 Description The software contains multiple authenticated operating system command execution flaws. These flaws permit attackers to manipulate binary paths when altering system settings. Exploitation involves...
Advantech WebAccess/SCADA SQL Injection Vulnerability
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. An SQL injection vulnerability exists in...
TencentOS Server 4: edk2 (TSSA-2025:0967)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0967 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2025-66210
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...
CVE-2025-67109
Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges...
Exploit for Code Injection in Laravel Livewire
Livepyre A tool designed to exploit CVE-2025-54068 an...
CVE-2025-11542
Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs...