44856 matches found

CNNVD
added 2025/11/07 12:0 a.m., 5 views

Samba Operating System Command Injection Vulnerability

Samba is an open-source suite of standard Windows interoperability programs for Linux and Unix. Samba suffers from an operating system command injection vulnerability that stems from a lack of proper validation or escaping of NetBIOS names in front-end WINS hook processing, which could lead to...

10 CVSS, 7.5 AI score, 0.38991 EPSS
Exploits 2, References 4
RedhatCVE
added 2025/11/06 4:41 p.m., 7 views

CVE-2025-20354

A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper authentication mechanis...

9.8 CVSS, 8 AI score, 0.00827 EPSS
Exploits 0, References 1
RedHat Linux
added 2025/11/06 2:27 a.m., 4 views

foreman: OS command injection via ct_location and fcct_location parameters

A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting...

8 CVSS, 6 AI score, 0.00508 EPSS
Exploits 0, References 5
Positive Technologies
added 2025/11/06 12:0 a.m., 2 views

PT-2025-45536

CVE-2025-64477 - Apache HTTP Server Unauthenticated Remote Command Execution CVE ID : CVE-2025-64477 Published : Nov. 6, 2025, 4:15 a.m. | 3 hours, 33 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products,...

6.7 AI score
Exploits 0, References 1
OSV
added 2025/11/05 5:15 p.m., 2 views

CVE-2025-20354

A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper authentication mechanis...

9.8 CVSS, 6.1 AI score, 0.00827 EPSS
Exploits 0, References 1
ATTACKERKB
added 2025/11/05 5:15 p.m., 7 views

CVE-2025-20354

A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper authentication mechanis...

9.8 CVSS, 6.2 AI score, 0.00827 EPSS
Exploits 0, References 2, Affected Software 1
EUVD
added 2025/11/05 4:31 p.m., 5 views

EUVD-2025-37892

A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper authentication mechanis...

9.8 CVSS, 7.3 AI score, 0.00827 EPSS
Exploits 0, References 2
Ubuntu
added 2025/11/05 4:11 p.m., 8 views

USN-7859-1: Django vulnerabilities

It was discovered that Django incorrectly handled certain characters in queries. An attacker could possibly use this issue to execute arbitrary SQL commands...

9.1 CVSS, 7.9 AI score, 0.18752 EPSS
Exploits 10
Cisco
added 2025/11/05 4:0 p.m., 8 views

Multiple Cisco Contact Center Products Vulnerabilities

Multiple vulnerabilities in Cisco Unified Contact Center Express (Unified CCX), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Packaged Contact Center Enterprise (Packaged CCE), and Cisco Unified Intelligence Center (CUIC) could allow an authenticated, remote attacker to disclose sensitive...

6.5 CVSS, 6.8 AI score, 0.00926 EPSS
Exploits 0, References 1
CVE
added 2025/11/05 7:32 a.m., 23 views

CVE-2025-10622

CVE-2025-10622 affects Red Hat Satellite (Foreman) and enables an authenticated user with edit_settings permissions to perform arbitrary OS command execution due to insufficient server-side command whitelisting validation. Connected advisories confirm OS command injection is addressed in RHSA-202...

8 CVSS, 6.5 AI score, 0.00508 EPSS
Exploits 0, References 7
Veracode
added 2025/11/05 7:3 a.m., 4 views

OS Command Injection

@sequa-ai/sequa-mcp is vulnerable to OS Command Injection. The vulnerability is due to improper validation of redirect URLs due to the redirectToAuthorization function opening unvalidated/non-sequa URLs. An attacker can exploit this by supplying a crafted redirect URL to trigger remote OS comman...

6.5 CVSS, 6.5 AI score, 0.01628 EPSS
Exploits 0, References 7, Affected Software 1
Fedora
added 2025/11/05 2:13 a.m., 4 views

[SECURITY] Fedora 43 Update: rust-reqsign-command-execute-tokio-2.0.0-1.fc43

Tokio-based command execution implementation for reqsign...

8.1 CVSS, 7.3 AI score, 0.00688 EPSS
Exploits 1
Positive Technologies
added 2025/11/05 12:0 a.m., 5 views

PT-2025-45091

Name of the Vulnerable Software and Affected Versions: Red Hat Satellite Foreman component (affected versions not specified). Description: A flaw exists in Red Hat Satellite’s Foreman component that could allow an authenticated user with edit settings permissions to execute arbitrary commands on the...

8 CVSS, 6.9 AI score, 0.00508 EPSS
Exploits 0, References 14
CNNVD
added 2025/11/05 12:0 a.m., 4 views

Red Hat Satellite Security Vulnerability

Red Hat Satellite is a suite of system management platforms from Red Hat, an American company. The platform can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A security vulnerability exists in Red Hat Satelli...

8 CVSS, 6.8 AI score, 0.00508 EPSS
Exploits 0, References 3
CNVD
added 2025/11/05 12:0 a.m., 2 views

D-Link DNS-343 ShareCenter Command Execution Vulnerability

The D-Link DNS-343 ShareCenter is a network storage device from China's AUO D-Link. The D-Link DNS-343 ShareCenter suffers from a command execution vulnerability that stems from insufficient input validation in the Mail Test feature, which can be exploited by an attacker to execute arbitrary...

9.8 CVSS, 6.4 AI score, 0.08697 EPSS
Exploits 1, References 1
NVD
added 2025/11/04 11:15 p.m., 4 views

CVE-2025-64106

Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the...

8.8 CVSS, 0.00314 EPSS
Exploits 0, References 1
CVE
added 2025/11/04 10:48 p.m., 17 views

CVE-2025-64106

Cursor (code editor with AI) versions 1.7.28 and below contain an input validation flaw in the MCP server installation that allows specially crafted deep-links to bypass security warnings and execute attacker-specified commands when a user accepts the server connection. Affected component: the MC...

8.8 CVSS, 6.9 AI score, 0.00314 EPSS
Exploits 0, References 1, Affected Software 1
OSV
added 2025/11/04 10:48 p.m., 3 views

CVE-2025-64106 Cursor: Speedbump Modal Bypass in MCP Server Deep-Link

Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the...

8.8 CVSS, 6 AI score, 0.00314 EPSS
Exploits 0, References 3
Vulnrichment
added 2025/11/04 10:48 p.m., 3 views

CVE-2025-64106 Cursor: Speedbump Modal Bypass in MCP Server Deep-Link

Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the...

8.8 CVSS, 6.9 AI score, 0.00314 EPSS
Exploits 0, References 1
Cvelist
added 2025/11/04 10:48 p.m., 12 views

CVE-2025-64106 Cursor: Speedbump Modal Bypass in MCP Server Deep-Link

Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the...

8.8 CVSS, 0.00314 EPSS
Exploits 0, References 1