45044 matches found
CVE-2025-36143
IBM Lakehouse watsonx.data 2.2 could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input...
CVE-2025-36143 IBM watsonx.data command execution
IBM Lakehouse watsonx.data 2.2 could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input...
CVE-2025-36143
IBM Lakehouse watsonx.data 2.2 is affected by an OS command injection vulnerability caused by improper validation of user input. An authenticated privileged user could execute arbitrary commands on the system. The CVE is CVE-2025-36143. Remediation provided in the IBM security bulletin is to upgr...
Security update for bluez
This update for bluez fixes the following issues: CVE-2023-45866: keystroke injection and arbitrary command execution via HID device connections (bsc#1217877). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
SUSE-SU-2025:03269-1 Security update for bluez
This update for bluez fixes the following issues: - CVE-2023-45866: keystroke injection and arbitrary command execution via HID device connections (bsc#1217877)...
UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation vulnerable to cross-site scripting
Overview: UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation contain the following vulnerability: cross-site scripting (CWE-79) - CVE-2025-8153. RyotaK of GMO Flatt Security Inc. reported this vulnerability to NEC Corporation and coordinated. After the coordination was completed, NEC...
CVE-2023-49565
The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen Python function without...
CVE-2023-49565
The CVE-2023-49565 entry concerns the cbis_manager Podman container. The vulnerability allows remote command execution through the /api/plugins endpoint due to improper sanitization of HTTP headers X-FILENAME, X-PAGE, and X-FIELD, which are directly used by a subprocess.Popen call without suffici...
TOTOLINK X6000R sub_417D74 function command injection vulnerability
TOTOLINK X6000R is a wireless router supporting Wi-Fi 6 technology from China's Gion Electronics TOTOLINK, focusing on high concurrent connections and dual-band transmission capabilities. The TOTOLINK X6000R suffers from a command injection vulnerability that stems from the failure to properly...
IBM Watsonx.data operating system command injection vulnerability
IBM Watsonx.data is an open data lake warehouse platform from International Business Machines (IBM). An operating system command injection vulnerability exists in IBM Watsonx.data version 2.2 that stems from not properly validating user input and can be exploited by an attacker to cause a privilege...
PT-2025-38413
Name of the Vulnerable Software and Affected Versions: IBM Lakehouse version 2.2. Description: IBM Lakehouse version 2.2 may allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user-supplied input. Recommendations: At the moment, there is n...
CVE-2025-9972
Certain models of Industrial Cellular Gateway developed by Planet Technology have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the device...
CVE-2025-57174
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 uses static AES encryption keys hardcoded in the binary. These keys are identical across all...
SUSE SLES15: libpcp-devel / libpcp3 / libpcp_gui2 / libpcp_import1 / libpcp_mmv1 / etc (SUSE-SU-2025:03233-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03233-1 advisory. - CVE-2024-3019: exposure of the redis server backend allows remote command execution via pmproxy (bsc#1222121). Tenable has extracted the...
CVE-2025-37129
A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system if the feature is...
CVE-2025-37123
A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with root privileges on...
CVE-2025-37127 Authenticated Replay Attack contains Cryptographic Vulnerability
A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system, potentially...
CVE-2025-37126 Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as...
CVE-2025-37126
CVE-2025-37126 affects HPE Aruba Networking EdgeConnect SD-WAN Gateways via the Command Line Interface. The vulnerability allows remote authenticated users to execute arbitrary commands with root privileges, enabling full OS compromise. Multiple connected sources corroborate authenticated remote ...