Delta Electronics DIAView Command Injection Vulnerability

Delta Electronics DIAView is an industrial configuration software from Delta Electronics, mainly used in SCADA systems. A command injection vulnerability exists in Delta Electronics DIAView, which can be exploited by an attacker to execute arbitrary commands on the system...

📄 Moodle 4.x PHP Code Injection

This proof of concept demonstrates a code injection vulnerability in Moodle versions 4.x. ============================================================================================================================================= | Title : Moodle 4.x PHP Code Injection Vulnerability | | Author ...

Exploit for Unrestricted Upload of File with Dangerous Type in Gvectors Wpdiscuz

wpDiscuz-7.0.4-PoC-RCE - wpDiscuz 7.0.4 - Unauthenticated RCE...

CVE-2026-0709

Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution...

CVE-2026-24729

An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands via a malicious class file...

CVE-2026-25046

Kimi Agent SDK is a set of libraries that expose the Kimi Code Kimi CLI agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $cmd could execute...

CVE-2025-51958

aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...

EUVD-2020-30949

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...

Malicious code in sharedclasses (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d92097d15ef8e4712a31a9d8abdaecd9e1afa7d718078fda3457ed45ef6a1c6 The package sharedclasses was found to contain malicious code. Source: ossf-package-analysis...

CVE-2020-37027

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...

MAL-2026-611 Malicious code in mbo-letters-cl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d367723532d1a3f90f88a1d23230230dafb47b5f26a68af29aafda36084f5417 The package mbo-letters-cl was found to contain malicious code. Source: ossf-package-analysis...

CVE-2020-37027 Sickbeard 0.1 - Remote Command Injection

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...

CVE-2020-37023 Koken CMS 0.22.24 - Arbitrary File Upload

Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy a...

CVE-2020-37023

Koken CMS 0.22.24 has an arbitrary file upload vulnerability. Authenticated attackers can bypass extension checks by renaming PHP files and upload them with system command execution capabilities, via manipulated file upload requests (e.g., through a web proxy). The impact is high (C/V). No remedi...

CVE-2020-37023

Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy a...

GHSA-JFPC-WJ3M-QW2M CAI find_file Agent Tool has Command Injection Vulnerability Through Argument Injection

Summary The CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with shell=True, allowing attackers to execute arbitrary commands on the host system. Vulnerable...

CAI find_file Agent Tool has Command Injection Vulnerability Through Argument Injection

Summary The CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with shell=True, allowing attackers to execute arbitrary commands on the host system. Vulnerable...

CVE-2025-51958

aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...

Malicious code in euskalplantxa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa75d57475518e4ef5865992ffdf7b0137f3af90a6672bb44113312d6598fe5f The package euskalplantxa was found to contain malicious code. Source: ossf-package-analysis...

CVE-2026-22623

Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages...