Command Injection
Overview setup-php is a Setup PHP for use with GitHub Actions Affected versions of this package are vulnerable to Command Injection via the process that resolves PHP version from repository-controlled files such as .php-version, composer.lock, or composer.json and incorporates the value into the...
CVE-2026-32759
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating that the value is...
CVE-2022-33140
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...
JD Cloud BE6500 Command Injection Vulnerability
The JD Cloud BE6500 is a WiFi router from the Chinese company Jingdong JD. A command injection vulnerability exists in the JD Cloud BE6500 version 4.4.1.r4308, which stems from misuse of the parameter ddnsname of the function sub4780 in the file /jdcapi, which could lead to a command injection...
CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 Security Vulnerability
The CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 are both network concentrators from CIRCUTOR, Spain. A security vulnerability exists in the CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 version v9.0.2, which stems from the SetUserPassword function not clearing the newPassword parameter, which could...
EUVD-2020-3446
Malware in sbrugna...
EUVD-2021-24557
Malware in sbrugna...
EUVD-2021-0612
Malware in sbrugna...
EUVD-2020-27957
Malware in sbrugna...
EUVD-2018-11140
Malware in sbrugna...
EUVD-2022-38423
Malicious code in bioql PyPI...
EUVD-2024-21265
Malicious code in bioql PyPI...
EUVD-2025-21393
Malicious code in bioql PyPI...
EUVD-2023-42637
Malicious code in bioql PyPI...
EUVD-2025-21894
Malicious code in bioql PyPI...
EUVD-2025-30225
A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection...
CVE-2025-34187
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...
Linux Distros Unpatched Vulnerability : CVE-2021-41116
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Composer is an open source dependency manager for the PHP language. In affected versions, Windows users running Composer to install untrusted dependencies are...
Active Storage allowed transformation methods that were potentially unsafe
Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allowing for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where...
CVE-2025-34130
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...