Lucene search

44797 matches found

RedhatCVE
added 2026/01/13 10:52 p.m. | 3 views

CVE-2025-64090

This vulnerability allows authenticated attackers to execute commands via the hostname of the device...

CVSS 10 | AI score 7.2 | EPSS 0.00074
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/13 10:52 p.m. | 3 views

CVE-2025-64091

This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device...

CVSS 8.8 | AI score 7.2 | EPSS 0.00049
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/13 10:52 p.m. | 2 views

CVE-2026-22601

OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary commands by configuring the sendmail binary path and sending a test email. This issue has been patched in version 16.6.2...

CVSS 8.6 | AI score 7.5 | EPSS 0.00054
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/13 10:52 p.m. | 4 views

CVE-2023-54339 Webgrind 1.1 - Remote Command Execution (RCE) via dataFile Parameter

Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27'...

CVSS 9.8 | AI score 7.7 | EPSS 0.00956
Exploits: 1 | References: 3

CVE
added 2026/01/13 10:52 p.m. | 9 views

CVE-2023-54339

Webgrind 1.1 is affected by a remote command execution vulnerability in index.php via the unvalidated dataFile parameter. An unauthenticated attacker can inject and execute OS commands (example payload: '0%27%26calc.exe%26%27'). The issue stems from dataFile handling, enabling arbitrary system co...

CVSS 9.8 | AI score 7.7 | EPSS 0.00956
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/01/13 10:52 p.m. | 3 views

CVE-2026-0855

Certain IP Camera models developed by Merit LILIN have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device...

CVSS 8.8 | AI score 7.6 | EPSS 0.00075
Exploits: 0 | References: 1

Cvelist
added 2026/01/13 10:52 p.m. | 21 views

CVE-2023-54329 Inbit Messenger 4.9.0 - Unauthenticated Remote Command Execution (RCE)

Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packets to port 10883 with a malicious payload t...

CVSS 9.8 | EPSS 0.00639
Exploits: 1 | References: 4

CVE
added 2026/01/13 10:52 p.m. | 10 views

CVE-2023-54329

Inbit Messenger 4.6.0–4.9.0 is affected by an unauthenticated remote command execution via a stack overflow in the messenger’s protocol. The vulnerability allows attackers to send specially crafted XML packets to TCP port 10883 to trigger execution of arbitrary commands with system privileges. Th...

CVSS 9.8 | AI score 8 | EPSS 0.00639
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/01/13 10:52 p.m. | 3 views

CVE-2023-54329 Inbit Messenger 4.9.0 - Unauthenticated Remote Command Execution (RCE)

Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packets to port 10883 with a malicious payload t...

CVSS 9.8 | AI score 8 | EPSS 0.00639
Exploits: 1 | References: 4

Cvelist
added 2026/01/13 10:51 p.m. | 22 views

CVE-2022-50806 4images 1.9 - Remote Command Execution (RCE)

4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php...

CVSS 8.6 | EPSS 0.00447
Exploits: 1 | References: 3

CVE
added 2026/01/13 10:51 p.m. | 9 views

CVE-2022-50806

CVE-2022-50806 affects 4images 1.9. The vulnerability is a remote command execution where authenticated administrators can inject reverse shell code through the template editing feature and execute commands via categories.php with a crafted cat_id parameter. Exploitation details and affected comp...

CVSS 8.6 | AI score 7.5 | EPSS 0.00447
Exploits: 1 | References: 3 | Affected Software: 1

GitHub Security Blog
added 2026/01/13 8:36 p.m. | 21 views

Malicious website can execute commands on the local system through XSS in the OpenCode web UI

Summary: A malicious website can abuse the server URL override feature of the OpenCode web UI to achieve cross-site scripting on http://localhost:4096. From there, it is possible to run arbitrary commands on the local system using the /pty/ endpoints provided by the OpenCode API. Code execution vi...

CVSS 9.4 | AI score 6.6 | EPSS 0.00035
Exploits: 1 | References: 3 | Affected Software: 1

EUVD
added 2026/01/13 8:35 p.m. | 3 views

EUVD-2026-2092

OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution...

CVSS 8.8 | AI score 6.6 | EPSS 0.05498
Exploits: 7 | References: 4

OSV
added 2026/01/13 8:35 p.m. | 3 views

GHSA-VXW4-WV6M-9HHH OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution

Previously reported via email to [email protected] on 2025-11-17 per the security policy in opencode-sdk-js/SECURITY.md. No response received. Summary: OpenCode automatically starts an unauthenticated HTTP server that allows any local process—or any website via permissive CORS—to execute arbitrary...

CVSS 8.8 | AI score 7.6 | EPSS 0.05498
Exploits: 7 | References: 4

Snyk
added 2026/01/13 8:29 p.m. | 2 views

Arbitrary Command Injection

Overview: renovate is a dependency updater. Affected versions of this package are vulnerable to Arbitrary Command Injection due to the improper sanitization of user-supplied repository in the Chart.yaml file in the helmv3 manager. An attacker can execute arbitrary commands on the host system by...

CVSS 8.4 | AI score 7.7
Exploits: 0 | References: 2

OSV
added 2026/01/13 8:16 p.m. | 1 views

CVE-2025-37175

Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privileged user and execute arbitrary comman...

CVSS 7.2 | AI score 6
Exploits: 0 | References: 1

OSV
added 2026/01/13 8:16 p.m. | 0 views

CVE-2025-37171

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...

CVSS 7.2 | AI score 6
Exploits: 0 | References: 1

NVD
added 2026/01/13 8:16 p.m. | 4 views

CVE-2025-37175

Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privileged user and execute arbitrary comman...

CVSS 7.2 | EPSS 0.00049
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/13 8:7 p.m. | 3 views

CVE-2025-37175 Authenticated Arbitrary File Upload Vulnerability in AOS-10 or AOS-8 Web-Based Management Interface

Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privileged user and execute arbitrary comman...

CVSS 7.2 | AI score 7.1 | EPSS 0.00049
Exploits: 0 | References: 1

CVE
added 2026/01/13 8:7 p.m. | 14 views

CVE-2025-37175

The CVE-2025-37175 entry concerns Aruba Networks ArubaOS (AOS-8 and AOS-10) web-based management interfaces. The connected NCSC advisory confirms that vulnerabilities in AOS-8/AOS-10 include arbitrary file deletion, stack overflow, command injection, and improper input handling, which could allow...

CVSS 7.2 | AI score 7.1 | EPSS 0.00049
Exploits: 0 | References: 1 | Affected Software: 1