`git-comiters` Command Injection vulnerability
Background on the vulnerability: This vulnerability manifests in the library's primary exported API, gitCommiters(options, callback), which allows specifying options such as cwd for the current working directory and revisionRange as a revision pointer, such as HEAD. However, the library does not saniti...
CVE-2025-36202
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source...
D-Link DIR-823X Command Injection Vulnerability
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability due to a flaw in the /usr/sbin/goahead file. An attacker can exploit this vulnerability to execute arbitrary commands on the system...
OpenAI Codex CLI Input Validation Error Vulnerability
OpenAI Codex CLI is an open-source lightweight coding agent from OpenAI that runs in the terminal. An input validation error vulnerability exists in OpenAI Codex CLI versions 0.2.0 through 0.38.0, which stems from an error in the sandbox configuration logic and could lead to arbitrary file...
WAFTest
This repository is an offensive tool for testing web application firewalls (WAFs). It contains a collection of test cases and scripts to evaluate the effectiveness of WAFs against various types of attacks. The tool includes test cases for common web application vulnerabilities such as: Command...
CVE-2025-57296
Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the sub_ADBC0 helper function concatenates these user-supplied values into...
CVE-2023-49565
The cbismanager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen Python function without...
CVE-2025-57293
A command injection vulnerability in COMFAST CF-XR11 firmware V2.7.2 exists in the multipppoe API, processed by the sub423930 function in /usr/bin/webmgnt. The phyinterface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST request to...
SUSE CVE-2025-54123
Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection at the /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization of user input. The vulnerability exists i...
Codex has sandbox bypass due to bug in path configuration logic
Due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox's writable root, including paths outside of the folder where the user started their session. This logic bypassed the intended workspace boundary and enabled arbitrary file writes and comman...
Security update for bluez
This update for bluez fixes the following issues: CVE-2023-45866: keystroke injection and arbitrary command execution via HID device connections (bsc#1217877). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
Exploit for CVE-2025-49113
CVE-2025-49113 - Roundcube Webmail Remote Code Execution Vulne...
PT-2025-38640
CVE-2025-59670 - Adobe Flash Arbitrary Command Execution Vulnerability CVE ID : CVE-2025-59670 Published : Sept. 19, 2025, 3:15 a.m. Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products,...
CVE-2025-57296
The CVE-2025-57296 entry concerns Tenda AC6 router firmware 15.03.05.19. The formSetIptv function handles /goform/SetIPTVCfg requests and, when processing list and vlanId, uses a sub_ADBC0 helper that concatenates user-supplied values into nvram set system commands via doSystemCmd without validat...
aaPanel 7.x.x Remote Command Execution
aaPanel version 7.x.x suffers from an authenticated remote command execution vulnerability. This was previously discovered and noted in CVE-2020-14421, which states that it affects versions 6.6.6 and below. The developers claim it is patched, but it still affects the 7.x.x version. This is...
CVE-2025-37126
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as...
CVE-2025-10035
CVE-2025-10035 – GoAnywhere MFT deserialization flaw in the License Servlet allows an attacker with a forged license response signature to deserialize attacker-controlled data, potentially enabling command injection and remote code execution. Public analyses indicate the vulnerability affects GoA...
CVE-2025-10035 Deserialization Vulnerability in GoAnywhere MFT's License Servlet
A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection...
CVE-2025-36143
IBM Lakehouse watsonx.data 2.2 could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input...