45044 matches found
Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2025-36251, CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236)
Summary Vulnerabilities in AIX could allow a remote attacker to execute arbitrary commands CVE-2025-36251, CVE-2025-36250, obtain Network Installation Manager NIM private keys CVE-2025-36096, or traverse directories CVE-2025-36236. These vulnerabilities are addressed through the fixes referenced ...
CVE-2025-11786
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf' without any sanitisation or validation, and then executed using 'system'. This allows a...
CVE-2025-11786
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf' without any sanitisation or validation, and then executed using 'system'. This allows a...
CVE-2025-11786
CVE-2025-11786 affects Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The root cause is in SetUserPassword(): the input parameter newPassword is inserted into a shell command string using sprintf() without sanitisation and then executed with system() . This enables a potential attacker to inject arbitrar...
CVE-2025-35028
By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There...
MAL-2025-191761 Malicious code in hooktest3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3d1104ab742749c40acd3c4c989dba15890db64fd22f688dea72727fbc5b9d23 During installation, the package starts a code to retrieve and execute commands from Discord --- Category: MALICIOUS - The campaign has clearly malicious inten...
EUVD-2025-200081
Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass...
PT-2025-48744
Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.29 Description Cacti is a performance and fault management framework. A flaw exists in the SNMP device configuration functionality due to insufficient input validation. An authenticated Cacti user can provide crafte...
Cacti 安全漏洞
Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A security vulnerability exists in Cacti versions prior to 1.2.29 that...
Improper Neutralization of Special Elements Used in a Template Engine
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the Twig processing feature enabled through page frontmatter. An...
CVE-2025-66294 Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Server-Side Template Injection SSTI vulnerability exists in Grav that allows authenticated attackers with editor permissions to execute arbitrary commands on the server and, under certain conditions, may also be exploited by...
CVE-2025-66294
CVE-2025-66294 affects Grav CMS. A Server-Side Template Injection (SSTI) exists due to weak regex validation in the core method cleanDangerousTwig, enabling an authenticated editor to trigger arbitrary commands on the server; in some cases, unauthenticated exploitation is possible. Public materia...
CVE-2024-39148
The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall...
CVE-2024-39148
The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall...
Exploit for OS Command Injection in Postgresql
usage: CVE-2019-9193.py -h -i IP -p PORT -d DATABASE...
PT-2025-48554
Name of the Vulnerable Software and Affected Versions Grav versions prior to 1.8.0-beta.27 Description Grav is a file-based Web platform with a Server-Side Template Injection SSTI issue. Authenticated attackers with editor permissions can execute arbitrary commands on the server. Under certain...
Grav 安全漏洞
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a server-side template injection vulnerability that stems from insufficient regular expression validation of the cleanDangerousTwig...
CVE-2024-39148
CVE-2024-39148 affects KerOS prior to 5.12. The issue is in the wmp-agent service, which does not properly validate the so‑called ‘magic URLs’, allowing an unauthenticated attacker to execute arbitrary OS commands as root if the service is reachable over the network. Documents from Red Hat, ENISA...
Kerlink KerOS 安全漏洞
Kerlink KerOS is an operating system from the French company Kerlink. A security vulnerability exists in Kerlink KerOS versions prior to 5.12 that stems from the wmp-agent service not properly validating magic URLs, which could allow an unauthenticated remote attacker to execute arbitrary OS...
CVE-2025-35028 HexStrike AI MCP Server Command Injection
By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There...