44991 matches found
GHSA-FXMW-JCGR-W44V pgadmin4 has a Meta-Command Filter Command Execution
The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark EF BB BF or other special byte sequences. The implemented filter uses the function hasmetacommands, which scans raw...
pgadmin4 has a Meta-Command Filter Command Execution
The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark EF BB BF or other special byte sequences. The implemented filter uses the function hasmetacommands, which scans raw...
Exploit for Deserialization of Untrusted Data in Facebook React
Next.js React Server Components RCE Exploit Exploits CVE-2025...
EUVD-2025-202871
IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input...
CVE-2025-56110
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the actiondealupdate in file /usr/lib/lua/luci/controller/api/rcmsAPI.lua...
CVE-2025-56111
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the networksetwanconf in file /usr/lib/lua/luci/controller/admin/netport.lua...
CVE-2025-56113
OS Command Injection vulnerability in Ruijie RG-YST EST, YSTAP3.01B11P280YST250F V1.xxV2.xx allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...
CVE-2025-56098
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...
CVE-2025-56097
OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226EW1800GX-PRO10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...
CVE-2025-56099
OS Command Injection vulnerability in Ruijie RG-YST AP3.01B11P280YST250F allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...
CVE-2025-65199
A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8...
CVE-2025-56077
OS Command Injection vulnerability in Ruijie RG-RAP2200E 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...
CVE-2025-56083
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrnetworkIdmerge.lua...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Orchestrator
Summary Multiple vulnerabilities were addressed in IBM Aspera Orchestrator 4.1.1 Vulnerability Details CVEID:CVE-2025-13211 DESCRIPTION: IBM Aspera Orchestrator could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency...
gardenctl is vulnerable to Command Injection when used with non‑POSIX shells
A security vulnerability was discovered in gardenctl when it is used with non‑POSIX shells such as Fish and PowerShell. Such setup could allow an attacker with administrative privileges for a Gardener project to craft malicious credential values in infrastructure Secret objects that break out of...
CVE-2025-64992
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remo...
CVE-2025-64992
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remo...
CVE-2025-64986
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-DevicesListeningOnAPort instruction prior V21. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands...
CVE-2025-64988
A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-GetCmContentLocations instruction prior V19.2. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables...
CVE-2025-64993
Summary: CVE-2025-64993 affects TeamViewer DEX (formerly 1E DEX). The issue is a command-injection in the 1E-ConfigMgrConsoleExtensions instructions caused by improper input validation. Impact: authenticated attackers with Actioner privileges can inject arbitrary commands, enabling remote executi...