45029 matches found
RLSA-2025:13941 Important: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...
CVE-2025-47212 QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...
MAL-2025-47901 Malicious code in odoo-sfu (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6150db474384025ea6979cd2f9cdfcd33735d897541917f74ee49a6d3ee74c71 The OpenSSF Package Analysis project identified 'odoo-sfu' @ 9.0.1 npm as malicious. It is considered malicious because: - The package...
CVE-2025-59536 Claude Code's startup trust dialog could lead to Command Execution attack
Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires...
IBM InfoSphere 11.7.0.x < 11.7.1.6 SP1 Command Injection (7246170)
The version of IBM InfoSphere Information Server installed on the remote host is 11.7.0 prior to 11.7.1.6 SP1. It is, therefore, affected by a command injection vulnerability, as referenced in the 7246170 advisory. - IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an...
MeteoBridge template.cgi command injection
Added: 10/03/2025 CVE: CVE-2025-4008 Background MeteoBridge is a device which connects personal weather stations to public weather networks. Problem A command injection vulnerability in the MeteoBridge web interface could allow remote, unauthenticated attackers to execute arbitrary commands by...
CVE-2025-59741
AndSoft e-TMS v25.03 suffers an OS command injection that can be triggered by sending a POST request to /CLT/LOGINERRORFRM.ASP with the m parameter. Multiple connected sources (CNVD-2025-23538, NVD/CVE-2025-59741, CNNVD-202510-331, PT-2025-40361) confirm the vulnerability exists and that an attac...
CVE-2025-59740
AndSoft e-TMS v25.03 has an OS command injection vulnerability arising from misuse of the m parameter in /clt/LOGINFRM_CAT.ASP. A crafted POST request can lead to execution of operating system commands on the server. Reported across multiple feeds (CNVD/CNNVD/CVELIST-derived notes; PT-SEC) with n...
CVE-2025-59735
CVE-2025-59735 concerns an operating system command injection in AndSoft’s e-TMS v25.03. The vulnerability arises from the misuse of the POST parameter m in the endpoint /clt/LOGINFRM.ASP , allowing an attacker to execute OS commands on the server. Reported in multiple feeds, the issue is describ...
UBUNTU-CVE-2025-54289
Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands
...
PT-2025-40332
Name of the Vulnerable Software and Affected Versions Canonical LXD versions prior to 6.5 Canonical LXD version 5.21 through 5.21.4 Description A privilege escalation issue exists in the operations API of Canonical LXD. An attacker with read permissions can hijack terminal or console sessions and...
PT-2025-40651
CVE-2025-61850 - Apache Struts Command Execution CVE ID : CVE-2025-61850 Published : Oct. 2, 2025, 3:15 a.m. | 1 hour, 58 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Smartbedded Meteobridge Command Injection Vulnerability
Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges root on affected devices...
AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.
...
CVE-2025-10847
DX Unified Infrastructure Management Nimsoft/UIM and below contains an improper ACL handling vulnerability in the robot controller component. A remote attacker can execute commands, read from, or write to the target system...
CVE-2025-10847
CVE-2025-10847 concerns Broadcom’s DX Unified Infrastructure Management (Nimsoft/UIM) robot/controller ACL handling. Connected sources indicate an improper ACL handling flaw that allows a remote attacker to execute commands and read from or write to the target system via the robot component. The ...
CVE-2025-10847 DX UIM Probe Improper ACL Handling RCE
DX Unified Infrastructure Management Nimsoft/UIM and below contains an improper ACL handling vulnerability in the robot controller component. A remote attacker can execute commands, read from, or write to the target system...
PT-2025-40103
Name of the Vulnerable Software and Affected Versions DX Unified Infrastructure Management Nimsoft/UIM versions prior to 8.63 Description The software contains an improper Access Control List ACL handling issue within the robot controller component. A remote attacker may be able to execute...
Broadcom Unified Infrastructure Management 安全漏洞
Broadcom Unified Infrastructure Management is an IT infrastructure monitoring and management platform from Broadcom, Inc. A security vulnerability exists in Broadcom Unified Infrastructure Management that stems from improper handling of access control lists for robotic components, which could...