44860 matches found
EUVD-2025-33394
BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE...
EUVD-2016-10792
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...
CVE-2016-15047 AVTECH CloudSetup.cgi Authenticated Command Injection
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...
CVE-2016-15047
CVE-2016-15047 (AVTECH CloudSetup.cgi): Authenticated OS command injection via the exefile parameter in CloudSetup.cgi. The parameter is passed to system command execution without proper validation/whitelisting, enabling an authenticated attacker to run arbitrary commands as root and potentially ...
CVE-2025-4615
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI...
EUVD-2025-33376
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the template creation pages that, when visited by another user, enable the attacker to execute commands with the target's...
EUVD-2025-33371
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-4615 PAN-OS: Improper Neutralization of Input in the Management Web Interface
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI...
CVE-2025-4615
The CVE-2025-4615 entry concerns Palo Alto Networks PAN-OS management web interface. An improper input neutralization vulnerability allows an authenticated administrator to bypass system restrictions and execute arbitrary commands. Affected PAN-OS versions are indicated in Nessus plugin reference...
CVE-2025-59991
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Management pages that, when visited by another user, enable the attacker to execute commands with the target's...
CVE-2025-59993
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Space Node Setting fields that, when visited by another user, enable the attacker to execute commands with the target...
Directory Traversal
Overview bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Directory Traversal via gitdumper. An attacker can execute arbitrary commands by crafting a malicious git repository. Details A Directory Traversal attack also known as path traversal aims to...
CVE-2025-60009 Junos Space: CLI Configlet page is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the CLI Configlet page that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59999 Junos Space: API Access Profiles page is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the API Access Profiles page that, when visited by another user, enables the attacker to execute commands with the target...
CVE-2025-10283
BBOT's gitdumper module could be abused to execute commands through a malicious git repository...
CVE-2025-59993 Junos Space: Space Node Setting fields are vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Space Node Setting fields that, when visited by another user, enable the attacker to execute commands with the target...
CVE-2025-59978
CVE-2025-59978 is a Cross-Site Scripting vulnerability in Juniper Networks Junos Space (pre-24.1R4). The issue arises from improper neutralization of input during web page generation, allowing an attacker to store script tags in web pages that, when viewed by another user, can execute commands wi...
CVE-2025-10283
BBOT’s gitdumper module is vulnerable due to insufficient sanitization of .git data, enabling Directory Traversal that can lead to Remote Code Execution when processing a malicious git repository. Affected component: bbot gitdumper.py (processing of .git/config and related index/file handling as...
EUVD-2025-33343
scio is vulnerable to Remote Command Execution through PyTorch...
GHSA-M9MP-6X32-5RHG scio is vulnerable to Remote Command Execution through PyTorch
Impact PyTorch reported a critical vulnerability when using torch.load, even with option weights_only=True, for torch = 2.6, starting from scio = 1.0.1 currently in dev state. Workarounds You can manually check that you are using torch = 2.6...