
856 matches found

RedhatCVE
added 2025/05/22 7:55 a.m. | 7 views

CVE-2019-10804

serial-number through 1.3.0 allows execution of arbitrary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation...

CVSS 9.8 | AI score 7 | EPSS 0.02767
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:51 a.m. | 5 views

CVE-2019-10801

enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization...

CVSS 9.8 | AI score 7.1 | EPSS 0.02767
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 6:16 a.m. | 5 views

CVE-2019-18249

Reliable Controls MACH-ProWebCom/Sys, all versions prior to 2.15 Firmware versions prior to 8.26.4, may allow an attacker to execute commands on behalf of the user when an authenticated user clicks on a malicious link...

CVSS 6.1 | AI score 7.1 | EPSS 0.00838
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:48 a.m. | 7 views

CVE-2012-4981

Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability...

CVSS 8.8 | AI score 7.2 | EPSS 0.03364
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:5 a.m. | 4 views

CVE-2019-6014

DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface...

CVSS 8.8 | AI score 7.9 | EPSS 0.01245
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:53 a.m. | 8 views

CVE-2019-19117

/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2PSG1218 V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter...

CVSS 9 | AI score 7.2 | EPSS 0.05016
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 1:42 a.m. | 13 views

CVE-2013-3509

html/System-NeDi.php in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the scan functionality in the System / NeDi menu...

CVSS 6.5 | AI score 7.6 | EPSS 0.019
Exploits: 0 | References: 1

NVD
added 2025/05/20 6:15 p.m. | 14 views

CVE-2025-46725

Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, LanceDocChatAgent uses pandas eval through computefromdocs. As a result, an attacker may be able to make the agent run malicious commands through QueryPlan.dataframecalc compromising t...

CVSS 9.8 | EPSS 0.00482
Exploits: 0 | References: 2

CNVD
added 2025/05/20 12:0 a.m. | 38 views

Command Execution Vulnerability in SuperMap iServer of Beijing SuperMap Software Co.

SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel, providing full-featured GIS service publishing, management and aggregation capabilities, and supporting multi-level extension development. A command execution vulnerability exists in SuperMap...

AI score 7.5
Exploits: 0

NVD
added 2025/05/08 8:15 p.m. | 32 views

CVE-2025-45798

A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter...

CVSS 9.8 | EPSS 0.01023
Exploits: 1 | References: 1

Vulnrichment
added 2025/05/08 12:0 a.m. | 5 views

CVE-2025-45798

A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter...

AI score 6.7 | EPSS 0.01023
Exploits: 1 | References: 1

Cvelist
added 2025/05/08 12:0 a.m. | 34 views

CVE-2025-45798

A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter...

EPSS 0.01023
Exploits: 1 | References: 1

OSV
added 2025/05/07 7:13 p.m. | 4 views

RLSA-2024:6197 Moderate: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: format string injection leads to shell command execution SAFER bypass...

CVSS 6.8 | AI score 7.2 | EPSS 0.27992
Exploits: 6 | References: 4

CNVD
added 2025/05/07 12:0 a.m. | 1 views

TOTOLINK A950RG/A810R Command Execution Vulnerability

TOTOLINK A950RG and TOTOLINK A810R are both products of China's Gion Electronics TOTOLINK. TOTOLINK A950RG is a super-generation Giga wireless router. TOTOLINK A810R is a wireless dual-band router. A command execution vulnerability exists in the TOTOLINK A950RG and TOTOLINK A810R, which stems from...

CVSS 9.8 | AI score 7.1 | EPSS 0.00919
Exploits: 1 | References: 1

NVD
added 2025/05/06 7:16 p.m. | 27 views

CVE-2025-46816

goshs is a SimpleHTTPServer written in Go. Starting in version 0.3.4 and prior to version 1.0.5, running goshs without arguments makes it possible for anyone to execute commands on the server. The function dispatchReadPump does not check the option cli -c, thus allowing anyone to execute arbitra...

CVSS 9.4 | EPSS 0.00605
Exploits: 0 | References: 2

CNVD
added 2025/05/05 12:0 a.m. | 1 views

Command Execution Vulnerability in MaxKB at Hangzhou Feizhiyun Information Technology Co.

MaxKB is an open source knowledge base Q&A system based on large language models and RAG under Hangzhou Feizhiyun Information Technology Co. MaxKB has a command execution vulnerability that can be exploited by attackers to execute commands...

AI score 7.5
Exploits: 0

RedhatCVE
added 2025/05/04 12:9 a.m. | 20 views

CVE-2025-45800

TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter...

CVSS 9.8 | AI score 7.2 | EPSS 0.00725
Exploits: 1 | References: 1

OSV
added 2025/05/02 5:15 p.m. | 4 views

CVE-2025-45800

TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter...

CVSS 9.8 | AI score 5.9 | EPSS 0.00725
Exploits: 1 | References: 1

Cvelist
added 2025/05/02 12:0 a.m. | 9 views

CVE-2025-45800

TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter...

EPSS 0.00725
Exploits: 1 | References: 1

CVE
added 2025/05/02 12:0 a.m. | 65 views

CVE-2025-45800

Totolink A950RG (version 4.1.2cu.5204_B20210112) contains a command execution vulnerability in the setDeviceName interface, specifically in the processing of the deviceMac parameter within /lib/cste_modules/global.so. The issue is triggered via network access to the interface and could allow an a...

CVSS 9.8 | AI score 7.2 | EPSS 0.00725
Exploits: 1 | References: 1 | Affected Software: 1