Lucene search
K

44991 matches found

OSV
OSV
added 2025/12/11 9:31 p.m.3 views

GHSA-FXMW-JCGR-W44V pgadmin4 has a Meta-Command Filter Command Execution

The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark EF BB BF or other special byte sequences. The implemented filter uses the function hasmetacommands, which scans raw...

9.1CVSS7.8AI score0.00851EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2025/12/11 9:31 p.m.10 views

pgadmin4 has a Meta-Command Filter Command Execution

The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark EF BB BF or other special byte sequences. The implemented filter uses the function hasmetacommands, which scans raw...

9.1CVSS7.9AI score0.00851EPSS
Exploits1References6Affected Software1
GithubExploit
GithubExploit
added 2025/12/11 8:1 p.m.148 views

Exploit for Deserialization of Untrusted Data in Facebook React

Next.js React Server Components RCE Exploit Exploits CVE-2025...

10CVSS8.7AI score0.99562EPSS
Exploits372
EUVD
EUVD
added 2025/12/11 7:47 p.m.3 views

EUVD-2025-202871

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input...

8.8CVSS6.8AI score0.00404EPSS
Exploits0References2
NVD
NVD
added 2025/12/11 7:15 p.m.9 views

CVE-2025-56110

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the actiondealupdate in file /usr/lib/lua/luci/controller/api/rcmsAPI.lua...

8.8CVSS0.02666EPSS
Exploits1References3
OSV
OSV
added 2025/12/11 7:15 p.m.4 views

CVE-2025-56111

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the networksetwanconf in file /usr/lib/lua/luci/controller/admin/netport.lua...

8.8CVSS6.1AI score0.02666EPSS
Exploits1References3
OSV
OSV
added 2025/12/11 7:15 p.m.5 views

CVE-2025-56113

OS Command Injection vulnerability in Ruijie RG-YST EST, YSTAP3.01B11P280YST250F V1.xxV2.xx allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...

8.8CVSS6.1AI score0.01451EPSS
Exploits0References3
NVD
NVD
added 2025/12/11 7:15 p.m.11 views

CVE-2025-56098

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

8.8CVSS0.02244EPSS
Exploits1References3
OSV
OSV
added 2025/12/11 7:15 p.m.6 views

CVE-2025-56097

OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226EW1800GX-PRO10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devconfig/configretain.lua...

8.8CVSS6.1AI score0.02244EPSS
Exploits1References3
OSV
OSV
added 2025/12/11 7:15 p.m.6 views

CVE-2025-56099

OS Command Injection vulnerability in Ruijie RG-YST AP3.01B11P280YST250F allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...

8.8CVSS6.1AI score0.01451EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/11 7:0 p.m.5 views

CVE-2025-65199

A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8...

7.8CVSS8AI score0.01094EPSS
Exploits1References1
NVD
NVD
added 2025/12/11 6:16 p.m.3 views

CVE-2025-56077

OS Command Injection vulnerability in Ruijie RG-RAP2200E 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

8.8CVSS0.02482EPSS
Exploits1References3
OSV
OSV
added 2025/12/11 6:16 p.m.10 views

CVE-2025-56083

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V109241521 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrnetworkIdmerge.lua...

8.8CVSS6.1AI score0.01748EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/11 5:32 p.m.6 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Orchestrator

Summary Multiple vulnerabilities were addressed in IBM Aspera Orchestrator 4.1.1 Vulnerability Details CVEID:CVE-2025-13211 DESCRIPTION: IBM Aspera Orchestrator could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency...

8.8CVSS8.1AI score0.00404EPSS
Exploits0Affected Software5
Github Security Blog
Github Security Blog
added 2025/12/11 4:48 p.m.12 views

gardenctl is vulnerable to Command Injection when used with non‑POSIX shells

A security vulnerability was discovered in gardenctl when it is used with non‑POSIX shells such as Fish and PowerShell. Such setup could allow an attacker with administrative privileges for a Gardener project to craft malicious credential values in infrastructure Secret objects that break out of...

8.4CVSS7.9AI score0.00204EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/12/11 12:16 p.m.7 views

CVE-2025-64992

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remo...

7.2CVSS0.00758EPSS
Exploits0References1
OSV
OSV
added 2025/12/11 12:16 p.m.4 views

CVE-2025-64992

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remo...

7.2CVSS6.2AI score0.00758EPSS
Exploits0References1
OSV
OSV
added 2025/12/11 12:16 p.m.5 views

CVE-2025-64986

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-DevicesListeningOnAPort instruction prior V21. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands...

7.2CVSS6.2AI score0.0106EPSS
Exploits0References1
NVD
NVD
added 2025/12/11 12:16 p.m.9 views

CVE-2025-64988

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Nomad-GetCmContentLocations instruction prior V19.2. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables...

7.2CVSS0.01035EPSS
Exploits0References1
CVE
CVE
added 2025/12/11 11:29 a.m.24 views

CVE-2025-64993

Summary: CVE-2025-64993 affects TeamViewer DEX (formerly 1E DEX). The issue is a command-injection in the 1E-ConfigMgrConsoleExtensions instructions caused by improper input validation. Impact: authenticated attackers with Actioner privileges can inject arbitrary commands, enabling remote executi...

7.2CVSS7.6AI score0.00758EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder