45045 matches found
Remote Command Execution
n8n and n8n-nodes-base are vulnerable to Remote Command Execution. The vulnerability is due to the Execute Command node allowing arbitrary command execution on the host system, which allows an attacker to exploit insufficient user trust controls to run malicious commands leading to system...
Path Traversal
ZenML is vulnerable to a path traversal. The vulnerability is due to improper validation of file paths during data.tar.gz extraction in the PathMaterializer class, which fails to detect symbolic and hard links, allowing an attacker to write arbitrary files and potentially achieve arbitrary comman...
CVE-2025-65202
TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "nextfile," which allows an attacker to execute arbitrary commands with root privileges...
CVE-2018-25126
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...
CLSA-2025-1764080949 pcp: Fix of CVE-2024-3019
CVE-2024-3019: Fix default pmproxy configuration to restrict access to Redis server backend, preventing remote command execution...
Google Cloud Looker 安全漏洞
Google Cloud Looker is an online tool used by Google, Inc. to transform data into customizable and informative reports and dashboards. A security vulnerability exists in Google Cloud Looker that stems from improper handling of Teradata driver parameters, which could lead to the execution of...
Malicious code in signup-failover (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 312b617198eea306feca99cf5c14a0edb7668482ca605c8e74c2d20f71eddd19 The package signup-failover was found to contain malicious code. Source: ghsa-malware 930d3ccde5bf7b3147cb807fddbc366f04c3185a70a8ff885f106503b657300...
CVE-2025-12740
CVE-2025-12740 affects Looker where a user with Developer role could create a DB2 database connection and, by manipulating LookML, cause Looker to execute a malicious command due to inadequate filtering of the IBM DB2 driver’s parameters. Concrete details across multiple sources confirm the vulne...
EUVD-2025-198628
A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of the driver's parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has...
CVE-2025-12740 Remote Command Execution in Looker via IBM DB2 JDBC drive
A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of the driver's parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has...
TVT NVMS-9000 安全漏洞
The TVT NVMS-9000 is a digital video recorder from China-based Tongwei TVT. A security vulnerability exists in the TVT NVMS-9000 prior to version 1.3.4, which stems from an OS command injection flaw in the inclusion of hardcoded API credentials and configuration services, which could lead to...
PT-2025-47964
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...
Google Cloud Looker 安全漏洞
Google Cloud Looker is an online tool from Google USA for converting data into customizable and informative reports and dashboards. A security vulnerability exists in Google Cloud Looker that stems from insufficient filtering of Denodo driver parameters, which could lead to the execution of...
MAL-2025-191760 Malicious code in hooktest1 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b3e91d71ab21e3575f1354593a314d50bc188b0db7b3851040e522426a765417 During installation, the package starts a code to retrieve and execute commands from Discord --- Category: MALICIOUS - The campaign has clearly malicious inten...
CVE-2025-65946
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, Due to an error in validation it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7...
Exploit for OS Command Injection in Vsftpd_Project Vsftpd
metasploitable-Security-Assessment comprehensive penetration t...
CVE-2025-65946
Roo Code (AI-powered coding agent) had a validation error before version 3.26.7 that could cause it to automatically execute commands not on the allowed prefixes list. The issue has been patched in version 3.26.7. Affected CVE-2025-65946 entries from multiple feeds confirm the vulnerability and p...
CVE-2025-63408
Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side forgery request SSRF, or execute OS commands...
Command Execution Vulnerability in DH2100+ NAS of Shenzhen Greenlink Technology Co.
The DH2100+ NAS is a two-drive network attached storage device designed for home and personal users. A command execution vulnerability exists in the Shenzhen Greenlink DH2100+ NAS, which can be exploited by attackers to remotely execute commands...
MAL-2025-191772 Malicious code in kdewebhelper (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 da8701a407522875f63d2aaa28d27194fe8e2faa4d7782fd66639f224ae62dcd Importing the module connects to a Telegram bot and provides its operator with abilities to execute commands, exfiltrate and encrypt data. The target group see...