
44737 matches found

ATTACKERKB
added 2026/02/02 9:1 a.m. | 4 views

CVE-2025-9974

The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able to execute arbitra...

CVSS 8.8 | AI score 6 | EPSS 0.00021
Exploits: 0 | References: 2
EUVD
added 2026/02/02 9:1 a.m. | 2 views

EUVD-2025-206613

The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able to execute arbitra...

CVSS 8.8 | AI score 6 | EPSS 0.00021
Exploits: 0 | References: 1
CVE
added 2026/02/02 9:1 a.m. | 24 views

CVE-2025-9974

The CVE-2025-9974 entry concerns the unified WEBUI of Nokia ONT/Beacon devices. The issue is an input handling flaw in the WEBUI that, due to insufficient validation of user-supplied data, allows authenticated users with low privileges to trigger system-level command execution on the underlying O...

CVSS 8 | AI score 6 | EPSS 0.00021
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/02 4:37 a.m. | 2 views

CVE-2026-24788

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...

CVSS 8.8 | AI score 5.6 | EPSS 0.00105
Exploits: 0 | References: 2
EUVD
added 2026/02/02 4:37 a.m. | 2 views

EUVD-2026-5116

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...

CVSS 8.8 | AI score 5.6 | EPSS 0.00105
Exploits: 0 | References: 2
Positive Technologies
added 2026/02/02 12:0 a.m. | 4 views

PT-2026-5645

Name of the Vulnerable Software and Affected Versions: ONT/Beacon devices (affected versions not specified). Description: The unified WEBUI application contains a flaw in how it handles user input. This allows authenticated users to potentially execute commands on the underlying operating system...

CVSS 8.8 | AI score 6 | EPSS 0.00021
Exploits: 0 | References: 6
CNVD
added 2026/02/02 12:0 a.m. | 0 views

Delta Electronics DIAView Command Injection Vulnerability

Delta Electronics DIAView is an industrial configuration software from Delta Electronics, mainly used in SCADA systems. A command injection vulnerability exists in Delta Electronics DIAView, which can be exploited by an attacker to execute arbitrary commands on the system...

CVSS 9.8 | AI score 7.4 | EPSS 0.00034
Exploits: 0
Packet Storm
added 2026/02/02 12:0 a.m. | 114 views

Moodle 4.x PHP Code Injection

This proof of concept demonstrates a code injection vulnerability in Moodle versions 4.x. Title: Moodle 4.x PHP Code Injection Vulnerability | Author ...

CVSS 8.1 | AI score 5.5 | EPSS 0.88917
Exploits: 8
GithubExploit
added 2026/02/01 4:32 p.m. | 190 views

Exploit for Unrestricted Upload of File with Dangerous Type in Gvectors Wpdiscuz

wpDiscuz-7.0.4-PoC-RCE - wpDiscuz 7.0.4 - Unauthenticated RCE...

CVSS 10 | AI score 7.4 | EPSS 0.94221
Exploits: 18
RedhatCVE
added 2026/01/31 3:21 p.m. | 3 views

CVE-2026-0709

Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution...

CVSS 7.2 | AI score 6.1 | EPSS 0.00021
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/31 9:12 a.m. | 6 views

CVE-2026-24729

An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file...

CVSS 10 | AI score 6.2 | EPSS 0.00286
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/31 3:19 a.m. | 5 views

CVE-2026-25046

Kimi Agent SDK is a set of libraries that expose the Kimi Code Kimi CLI agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $cmd could execute...

CVSS 2.9 | AI score 6.1 | EPSS 0.00013
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/31 3:19 a.m. | 3 views

CVE-2025-51958

aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...

CVSS 9.8 | AI score 6.2 | EPSS 0.00181
Exploits: 0 | References: 1
EUVD
added 2026/01/31 12:30 a.m. | 4 views

EUVD-2020-30949

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...

CVSS 9.8 | AI score 6.5 | EPSS 0.0076
Exploits: 0 | References: 5
OSSF Malicious Packages
added 2026/01/30 11:47 p.m. | 7 views

Malicious code in sharedclasses (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d92097d15ef8e4712a31a9d8abdaecd9e1afa7d718078fda3457ed45ef6a1c6 The package sharedclasses was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.9
Exploits: 0
OSV
added 2026/01/30 11:16 p.m. | 2 views

CVE-2020-37027

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...

CVSS 9.8 | AI score 6.3
Exploits: 0 | References: 4
OSV
added 2026/01/30 11:13 p.m. | 4 views

MAL-2026-611 Malicious code in mbo-letters-cl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d367723532d1a3f90f88a1d23230230dafb47b5f26a68af29aafda36084f5417 The package mbo-letters-cl was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.9
Exploits: 0
Cvelist
added 2026/01/30 10:7 p.m. | 19 views

CVE-2020-37027 Sickbeard 0.1 - Remote Command Injection

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...

CVSS 9.8 | EPSS 0.0076
Exploits: 0 | References: 4
Cvelist
added 2026/01/30 10:7 p.m. | 20 views

CVE-2020-37023 Koken CMS 0.22.24 - Arbitrary File Upload

Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy a...

CVSS 8.8 | EPSS 0.00185
Exploits: 0 | References: 5
CVE
added 2026/01/30 10:7 p.m. | 17 views

CVE-2020-37023

Koken CMS 0.22.24 has an arbitrary file upload vulnerability. Authenticated attackers can bypass extension checks by renaming PHP files and upload them with system command execution capabilities, via manipulated file upload requests (e.g., through a web proxy). The impact is high (C/V). No remedi...

CVSS 8.8 | AI score 6 | EPSS 0.00185
Exploits: 0 | References: 5