44987 matches found
CVE-2025-64993
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote...
CVE-2025-64989
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-FindFileBySizeAndHash instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands...
SUSE CVE-2002-0363
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice...
CVE-2025-56090
OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...
EUVD-2024-55329
FoF Pretty Mail has a server-side template injection vulnerability...
EUVD-2024-55333
Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute...
Typora 操作系统命令注入漏洞
Typora is a Typora open source editor. An operating system command injection vulnerability exists in Typora version 1.7.4, which stems from a command injection in the PDF export preferences that could lead to the execution of arbitrary system commands...
PT-2025-50934
SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...
ATCOM 100M 操作系统命令注入漏洞
ATCOM 100M is an IP phone from ATCOM Greece. An operating system command injection vulnerability exists in ATCOM 100M version 2.7.x.x. The vulnerability stems from a command injection in the web configuration CGI script, which could lead to the execution of arbitrary system commands...
PT-2025-50952
Name of the Vulnerable Software and Affected Versions MineAdmin versions 3.x Description Insecure permissions within the scheduled tasks feature permit attackers to execute arbitrary commands and potentially gain full account control. Recommendations At the moment, there is no information about a...
CVE-2024-58286
dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation...
Improper Neutralization of Special Elements Used in a Template Engine
Overview fof/pretty-mail is a Create HTML email for Flarum Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the email template processing. An authenticated attacker with admin privileges can execute arbitrary system...
CVE-2024-58282
Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables...
CVE-2024-58284
PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands...
CVE-2024-58303
FoF Pretty Mail 1.1.2 has a server-side template injection vulnerability in email template processing that lets an administrator inject code and trigger arbitrary system commands during email generation. Affected component: FoF Pretty Mail (likely package foF/pretty-mail) with internal Blade temp...
CVE-2024-58298 Compuware iStrobe Web 20.13 Pre-Auth Remote Code Execution via File Upload
Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute...
pgadmin4 has a Meta-Command Filter Command Execution
The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark EF BB BF or other special byte sequences. The implemented filter uses the function hasmetacommands, which scans raw...
GHSA-FXMW-JCGR-W44V pgadmin4 has a Meta-Command Filter Command Execution
The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark EF BB BF or other special byte sequences. The implemented filter uses the function hasmetacommands, which scans raw...
Exploit for Deserialization of Untrusted Data in Facebook React
Next.js React Server Components RCE Exploit Exploits CVE-2025...
EUVD-2025-202871
IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input...