
45044 matches found

Github Security Blog
added 2025/09/22 6:01 p.m. · 5 views

`git-comiters` Command Injection vulnerability

Background on the vulnerability: This vulnerability manifests in the library's primary exported API, `gitCommiters(options, callback)`, which allows specifying options such as cwd for the current working directory and revisionRange as a revision pointer, such as HEAD. However, the library does not saniti...

CVSS 8.8 · AI score 7.8 · EPSS 0.0228
Exploits: 1 · References: 4 · Affected Software: 1
OSV
added 2025/09/22 4:15 p.m. · 3 views

CVE-2025-36202

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format strings passed as an argument from an external source...

CVSS 8.8 · AI score 5.9 · EPSS 0.00316
Exploits: 0 · References: 1
NVD
added 2025/09/22 4:15 p.m. · 8 views

CVE-2025-36202

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format strings passed as an argument from an external source...

CVSS 8.8 · EPSS 0.00316
Exploits: 0 · References: 1
CNNVD
added 2025/09/22 12:00 a.m. · 3 views

D-Link DIR-823X Command Injection Vulnerability

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability due to a flaw in the /usr/sbin/goahead file. An attacker can exploit this vulnerability to execute arbitrary commands on the system...

CVSS 8.8 · AI score 8.1 · EPSS 0.06115
Exploits: 1 · References: 6
CNNVD
added 2025/09/22 12:00 a.m. · 3 views

OpenAI Codex CLI Input Validation Error Vulnerability

OpenAI Codex CLI is an OpenAI open source lightweight coding agent software that runs in the terminal. An input validation error vulnerability exists in OpenAI Codex CLI versions 0.2.0 through 0.38.0, which stems from an error in the sandbox configuration logic and could lead to arbitrary file...

CVSS 8.6 · AI score 7 · EPSS 0.00815
Exploits: 1 · References: 4
Gitee
added 2025/09/21 1:12 a.m. · 171 views

WAFTest

This repository is an offensive tool for testing web application firewalls (WAFs). It contains a collection of test cases and scripts to evaluate the effectiveness of WAFs against various types of attacks. The tool includes test cases for common web application vulnerabilities such as: Command...

AI score 7.3
Exploits: 0
RedhatCVE
added 2025/09/21 12:11 a.m. · 16 views

CVE-2025-57296

Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the sub_ADBC0 helper function concatenates these user-supplied values into...

CVSS 6.5 · AI score 8.2 · EPSS 0.03316
Exploits: 1 · References: 1
RedhatCVE
added 2025/09/20 7:31 a.m. · 15 views

CVE-2023-49565

The cbismanager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen Python function without...

CVSS 8.4 · AI score 9 · EPSS 0.00756
Exploits: 0 · References: 1
RedhatCVE
added 2025/09/20 12:30 a.m. · 12 views

CVE-2025-57293

A command injection vulnerability in COMFAST CF-XR11 firmware V2.7.2 exists in the multipppoe API, processed by the sub_423930 function in /usr/bin/webmgnt. The phyinterface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST request to...

CVSS 8.8 · AI score 7.8 · EPSS 0.01679
Exploits: 1 · References: 1
SUSE CVE
added 2025/09/19 11:22 p.m. · 2 views

SUSE CVE-2025-54123

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection at the /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization of user input. The vulnerability exists i...

CVSS 9.8 · AI score 9.4 · EPSS 0.10543
Exploits: 7 · References: 2
Github Security Blog
added 2025/09/19 5:14 p.m. · 12 views

Codex has sandbox bypass due to bug in path configuration logic

Due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox's writable root, including paths outside of the folder where the user started their session. This logic bypassed the intended workspace boundary and enabled arbitrary file writes and comman...

CVSS 8.6 · AI score 7.4 · EPSS 0.00815
Exploits: 1 · References: 5 · Affected Software: 1
SUSE Linux
added 2025/09/19 12:18 p.m. · 2 views

Security update for bluez

This update for bluez fixes the following issues: CVE-2023-45866: keystroke injection and arbitrary command execution via HID device connections (bsc#1217877). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

CVSS 6.3 · AI score 7.4 · EPSS 0.07879
Exploits: 8 · References: 4
GithubExploit
added 2025/09/19 6:07 a.m. · 667 views

Exploit for CVE-2025-49113

CVE-2025-49113 - Roundcube Webmail Remote Code Execution Vulne...

CVSS 9.9 · AI score 9 · EPSS 0.89462
Exploits: 29
Positive Technologies
added 2025/09/19 12:00 a.m. · 3 views

PT-2025-38640

CVE-2025-59670 - Adobe Flash Arbitrary Command Execution Vulnerability. CVE ID: CVE-2025-59670. Published: Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products,...

AI score 6.6
Exploits: 0 · References: 1
CVE
added 2025/09/19 12:00 a.m. · 41 views

CVE-2025-57296

The CVE-2025-57296 entry concerns Tenda AC6 router firmware 15.03.05.19. The formSetIptv function handles /goform/SetIPTVCfg requests and, when processing list and vlanId, uses a sub_ADBC0 helper that concatenates user-supplied values into nvram set system commands via doSystemCmd without validat...

CVSS 6.5 · AI score 7.8 · EPSS 0.03316
In wild · Exploits: 1 · References: 3 · Affected Software: 1
Packet Storm
added 2025/09/19 12:00 a.m. · 355 views

aaPanel 7.x.x Remote Command Execution

aaPanel version 7.x.x suffers from an authenticated remote command execution vulnerability. This was discovered prior and noted in CVE-2020-14421 where it states that it affects versions 6.6.6 and below. The developers claim it is patched but it still affects the 7.x.x version. This is...

CVSS 9 · AI score 7.3 · EPSS 0.0597
Exploits: 5
RedhatCVE
added 2025/09/18 10:28 p.m. · 14 views

CVE-2025-37126

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as...

CVSS 7.2 · AI score 7.6 · EPSS 0.00599
Exploits: 0 · References: 1
CVE
added 2025/09/18 10:01 p.m. · 461 views

CVE-2025-10035

CVE-2025-10035 – GoAnywhere MFT deserialization flaw in the License Servlet allows an attacker with a forged license response signature to deserialize attacker-controlled data, potentially enabling command injection and remote code execution. Public analyses indicate the vulnerability affects GoA...

CVSS 10 · AI score 6.9 · EPSS 0.99614
In wild · Exploits: 2 · References: 2 · Affected Software: 1
Vulnrichment
added 2025/09/18 10:01 p.m. · 6 views

CVE-2025-10035 Deserialization Vulnerability in GoAnywhere MFT's License Servlet

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection...

CVSS 10 · AI score 6.9 · EPSS 0.99614
Exploits: 2 · References: 1
NVD
added 2025/09/18 4:15 p.m. · 9 views

CVE-2025-36143

IBM Lakehouse watsonx.data 2.2 could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input...

CVSS 7.2 · EPSS 0.00315
Exploits: 0 · References: 1