56 matches found
CVE-2026-42086
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...
EUVD-2026-27061
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...
📄 dcontrol 1.0.9 Remote Code Execution
dcontrol version 1.0.9 suffers from an unauthenticated remote code execution vulnerability via the /control-api/monitor/open endpoint. Exploit Title: dcontrol v1.0.9 - Unauthenticated Remote Code Execution RCE Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage:...
CVE-2026-23814 Authenticated Command Injection found in AOS-CX CLI Command
A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior...
PT-2026-24569
Name of the Vulnerable Software and Affected Versions AOS-CX affected versions not specified Description A flaw exists in the command parameters of a specific AOS-CX CLI command. A low-privilege authenticated remote attacker could exploit this to inject malicious commands, potentially causing...
CVE-2021-47747
CVE-2021-47747 affects meterN 1.2.3 and describes an authenticated remote code execution vulnerability in admin_meter2.php and admin_indicator2.php. The issue allows an attacker to submit POST parameters COMMANDx and LIVECOMMANDx to execute arbitrary system commands with administrative privileges...
CVE-2021-47747 meterN 1.2.3 Authenticated Remote Code Execution via Admin Scripts
meterN 1.2.3 contains an authenticated remote code execution vulnerability in adminmeter2.php and adminindicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands with administrative privileges...
EUVD-2011-1318
Malware in sbrugna...
EUVD-2021-21866
Malware in sbrugna...
EUVD-2019-3421
Malware in sbrugna...
EUVD-2007-5664
Malware in sbrugna...
EUVD-2008-1310
Malware in sbrugna...
EUVD-2012-4019
Malware in sbrugna...
Command Injection
Overview @samanhappy/mcphub is an A hub server for mcp servers Affected versions of this package are vulnerable to Command Injection via the serverController.ts process. A user can execute arbitrary operating system commands by supplying crafted input to the command or args parameters. Remediatio...
EUVD-2023-32227
Malicious code in bioql PyPI...
EUVD-2023-37277
Malicious code in bioql PyPI...
EUVD-2023-32234
Malicious code in bioql PyPI...
Information Disclosure
github.com/neuvector/neuvector is vulnerable to information disclosure. The vulnerability is due to passwords in Java command parameters being logged in security event logs when a process rule violation occurs, which allows an attacker to obtain sensitive credentials...
Mitrastar GPT-2741GNAC-N2 安全漏洞
Mitrastar GPT-2741GNAC-N2 is a home gateway device from China-based Allied Technology Mitrastar. A security vulnerability exists in the Mitrastar GPT-2741GNAC-N2 that originates from a root shell that can be obtained via specific command parameters...
CVE-2023-28559
Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload...