45043 matches found
CVE-2025-20338
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments th...
CVE-2025-52906 TOTOLINK X6000R Command Injection Vulnerability
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1360B20241207...
CVE-2025-20338
CVE-2025-20338 affects Cisco IOS XE Software CLI. The root cause is insufficient validation of user-supplied arguments passed to specific CLI commands, allowing an authenticated administrator (level 15) to craft CLI input that can execute arbitrary commands as root on the device. According to Cis...
CVE-2025-20334
Cisco IOS XE Software HTTP API Command Injection vulnerability (CVE-2025-20334) in the HTTP API subsystem allows an attacker to execute commands with root privileges due to insufficient input validation. A remote attacker with administrative privileges can exploit via an API call with crafted inp...
CLSA-2025-1758728428 spamassassin: Fix of 2 CVEs
CVE-2020-1930: fix command-execution vulnerability in SpamAssassin .cf parsing - CVE-2020-1931: fix command-execution vulnerability in SpamAssassin .cf parsing...
CVE-2025-36202
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source...
New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus
Cybersecurity researchers have disclosed details of a new malware family dubbed YiBackdoor that has been found to share "significant" source code overlaps with IcedID and Latrodectus. "The exact connection to YiBackdoor is not yet clear, but it may be used in conjunction with Latrodectus and Iced...
PT-2025-39305
Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description A flaw exists in the HTTP API subsystem of Cisco IOS XE Software that may allow a remote attacker to inject commands that will execute with root privileges on the underlying...
PT-2025-39306
Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description A flaw exists in the Command Line Interface CLI of Cisco IOS XE Software that could allow a local attacker with administrative privileges to execute arbitrary commands as root o...
Cisco IOS XE 命令注入漏洞
Cisco IOS XE is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. Cisco IOS XE suffers from a command injection vulnerability that stems from insufficie...
CVE-2025-59545 DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed...
DNN Vulnerable to Stored Cross-Site Scripting (XSS) in the Prompt module
Summary The Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized for display elsewhere, can be executed when processed through certain commands, leading to potential script execution XSS. Description The application sanitizes most user-submitted...
PT-2025-39191
Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions prior to 10.1.0 Description DNN formerly DotNetNuke is an open-source web content management platform. The Prompt module allows execution of commands that can return raw HTML. Malicious input, even if sanitized...
TalentSys Inka.Net 代码问题漏洞
TalentSys Inka.Net is a human resource management system from TalentSys Turkey. A code issue vulnerability exists in TalentSys Inka.Net versions prior to 6.7.1, which stems from allowing the upload of dangerously typed files, which could lead to command injection...
CVE-2025-59532
Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This log...
CVE-2025-59532 Codex has sandbox bypass due to bug in path configuration logic
Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This log...
CVE-2025-59532 Codex has sandbox bypass due to bug in path configuration logic
Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This log...
CVE-2025-57685
The LB-Link routers, including the BL-AC2100AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000AE4 v2.4.9, BL-AC1900AZ2 v1.0.2, BL-X26AC8 v1.2.8, and BL-LTE300DA4 V1.2.3 models, are vulnerable to unauthorized command injection. Attackers can exploit this vulnerability by accessing the /goform/setserialcfg...
CVE-2025-57439
Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then executed on the server. This allows full system compromise, including reverse...
`git-comiters` Command Injection vulnerability
Background on the vulnerability This vulnerability manifests with the library's primary exported API: gitCommitersoptions, callback which allows specifying options such as cwd for current working directory and revisionRange as a revision pointer, such as HEAD. However, the library does not saniti...