45043 matches found
D-Link DIR-823X Command Execution Vulnerability
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command execution vulnerability that can be exploited by an attacker to cause code execution due to the setcassword settings interface not filtering special characters in the httpcasswd parameter...
IBM InfoSphere Information Server Operating System Command Injection Vulnerability
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. An operating system command injection vulnerability exists in IBM InfoSphere Information Server...
Western Digital My Cloud Security Vulnerability
Western Digital My Cloud is a personal cloud storage device from Western Digital. A security vulnerability exists in Western Digital My Cloud versions prior to 5.31.108, which stems from the user interface not handling input correctly and could lead to remote command execution...
wenkucms Operating System Command Injection Vulnerability
wenkucms is a content management system by the individual developer mirweiye. An OS command injection vulnerability exists in wenkucms 3.4 and earlier versions, which originates from a misuse of the function createPathOne in the file app/common/common.php, which could lead to a remote command injection...
Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability
Fortra GoAnywhere MFT contains a deserialization of untrusted data vulnerability that allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection...
Malicious code in com.unity.2d.psdimporter (npm)
Source: ghsa-malware 988ab6368c4a52337e54f822f3ec3a86cefa2611329d86d870b14d0168dcabc2. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
D-Link DIR-823X Command Injection Vulnerability
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that can be exploited by an attacker to cause remote command execution...
TOTOLINK X6000R Operating System Command Injection Vulnerability
The TOTOLINK X6000R is a wireless router from TOTOLINK. An operating system command injection vulnerability exists in TOTOLINK X6000R V9.4.0cu.1458B20250708 and prior versions, which stems from a failure to properly filter special elements in user input. An attacker can exploit this vulnerability...
DELL Cloud Disaster Recovery OS Command Injection Vulnerability
DELL Cloud Disaster Recovery is a cloud disaster recovery solution provided by Dell Technologies. DELL Cloud Disaster Recovery suffers from an OS command injection vulnerability that stems from improper neutralization of special elements in OS commands, which can be exploited by an attacker to...
Takedown: How It's Done in Modern Coding Agent Exploits
Coding agents, which are LLM-driven agents specialized in software development, have become increasingly prevalent in modern programming environments. Unlike traditional AI coding assistants, which offer simple code completion and suggestions, modern coding agents tackle more complex tasks with...
CVE-2025-11073 Keyfactor RG-EW5100BE HTTP POST Request cmd command injection
A vulnerability was detected in Keyfactor RG-EW5100BE EW3.0B11P280EW5100BE-PRO12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url results in command injection. The attack can be...
Ruijie RG-EW5100BE Command Injection Vulnerability
The Ruijie RG-EW5100BE is a wireless router from China's Ruijie. A command injection vulnerability exists in the Ruijie RG-EW5100BE EW3.0B11P280EW5100BE-PRO12183019 version, which originates from the incorrect operation of the parameter url in the file /cgi-bin/luci/api/cmd, and could lead t...
CVE-2025-59815
This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Exploitation can compromise the device’s availability, confidentiality, and integrity...
CVE-2025-59844
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows...
CVE-2025-59844 Argument injection vulnerability in SonarQube Scan Action
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows...
GHSA-5XQ9-5G24-4G6F Argument injection vulnerability in SonarQube Scan Action
A command injection vulnerability exists in SonarQube GitHub Action prior to v6.0.0 when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This vulnerability bypasses a previous security fix and allows arbitrary command execution, potentially...
Argument injection vulnerability in SonarQube Scan Action
A command injection vulnerability exists in SonarQube GitHub Action prior to v6.0.0 when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This vulnerability bypasses a previous security fix and allows arbitrary command execution, potentially...
Malicious code in zeitwerk (npm)
Source: ghsa-malware acaf25aadd93141e9b88e577ad36d4e831f5fa1fbe92d0e8a97fa23404a75214. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-47846 Malicious code in com.unity.device-simulator.devices (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware abc462b44ac8ebcd3a4086ec95ca09fa7e919a9e77402cbc606744d36da1ac16. Any computer that has this package installed or running should be considered...