CVE-2020-37023

Koken CMS 0.22.24 has an arbitrary file upload vulnerability. Authenticated attackers can bypass extension checks by renaming PHP files and upload them with system command execution capabilities, via manipulated file upload requests (e.g., through a web proxy). The impact is high (C/V). No remedi...

CVE-2020-37023

Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy a...

CAI find_file Agent Tool has Command Injection Vulnerability Through Argument Injection

Summary The CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with shell=True, allowing attackers to execute arbitrary commands on the host system. Vulnerable...

GHSA-JFPC-WJ3M-QW2M CAI find_file Agent Tool has Command Injection Vulnerability Through Argument Injection

Summary The CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with shell=True, allowing attackers to execute arbitrary commands on the host system. Vulnerable...

CVE-2025-51958

aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...

Malicious code in euskalplantxa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa75d57475518e4ef5865992ffdf7b0137f3af90a6672bb44113312d6598fe5f The package euskalplantxa was found to contain malicious code. Source: ossf-package-analysis...

CVE-2026-0709

Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution...

CVE-2026-22623

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages...

CVE-2026-22623

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages...

CVE-2026-22623

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages...

EUVD-2026-5035

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages...

CVE-2026-22623

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages...

CVE-2026-22623

Technical details about CVE-2026-22623 are not publicly available in the provided documents. Monitor for updates from vendors and security feeds for affected HikSemi NAS products; no exploit vectors or affected versions are stated here.

CVE-2026-0709

Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution...

CVE-2026-0709

Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution...

EUVD-2026-5039

Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution...

CVE-2026-0709

CVE-2026-0709 affects Hikvision Wireless Access Points. The vulnerability is an authenticated command‑execution flaw caused by insufficient input validation, allowing attackers with valid credentials to send crafted packets that execute arbitrary commands on affected devices. The CVSS metrics ind...

CVE-2026-24729 Interinfo DreamMaker - Unrestricted Upload of File with Dangerous Type

An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file...

EUVD-2026-5017

An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file...

CVE-2026-24729

An unrestricted upload of file with dangerous type vulnerability exists in Interinfo DreamMaker’s file upload function, affecting versions before 2025/10/22. The root cause is an insufficient validation of uploaded files, enabling remote attackers to execute arbitrary system commands via a malici...