44800 matches found
CVE-2025-1907
Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected...
CVE-2025-64419
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...
Important: httpd
Issue Overview: Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. CVE-2025-58098 Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Serv...
CVE-2025-61492
The CVE describes a command injection in terminal-controller-mcp 0.1.7, specifically in the execute_command function. Attackers can inject commands via crafted input to achieve arbitrary command execution, with the CVSSv3.1 scoring indicating network access, low attack complexity, and no privileg...
PT-2026-1681
Name of the Vulnerable Software and Affected Versions SmartLiving SmartLAN versions 6.x and earlier Description SmartLiving SmartLAN contains a remote command injection issue in the web.cgi binary. The issue is due to an unsanitized par POST parameter within the 'testemail' module. An attacker ca...
Kieback&Peter Neutrino-GLT 操作系统命令注入漏洞
Kieback&Peter Neutrino-GLT is a building management system from Kieback&Peter, Germany. Kieback&Peter Neutrino-GLT suffers from an operating system command injection vulnerability that stems from a shell command injection in the web component SM70 PHWEB login form, which could lead to the executi...
CVE-2020-36910
Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizardsystem.cgi pages. Attackers can exploit the 'NTPServerIP' parameter with default credentials to execute arbitrary shell commands as root...
CVE-2020-36915 Adtec Digital SignEdje Digital Signage Player v2.08.28 Default Credentials
Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec...
CVE-2020-36910 Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter
Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizardsystem.cgi pages. Attackers can exploit the 'NTPServerIP' parameter with default credentials to execute arbitrary shell commands as root...
New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands
A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying host. The vulnerability, tracked as CVE-2025-68668 , is rated 9.9 on the CVSS scoring...
Adtec Digital SignEdje Digital Signage Player 安全漏洞
Adtec Digital SignEdje Digital Signage Player is a digital signage player from Adtec Digital, USA. A security vulnerability exists in Adtec Digital SignEdje Digital Signage Player version v2.08.28, which stems from the presence of multiple hardcoded default credentials that could result in gainin...
CVE-2025-64419 Coolify vulnerable to command injection via docker-compose.yaml parameters
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...
CVE-2025-67397
An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection...
Malicious code in faceplate-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06d59e051a3b111ec2ba70071d0c2273f89c30a8eb1c6de75cb69d2eefc08b17 The package faceplate-ui was found to contain malicious code. Source: ghsa-malware 760b2fdc48604bbd4ed6a6251e192cec01c7f27dc59320b0a6e7f5fec3d1c13f A...
Medium: edk2
Issue Overview: EDK2 contains a vulnerability in BIOS where an attacker may cause "Exposure of Sensitive Information to an Unauthorized Actor" by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact...
Passy 安全漏洞
Passy is a physical access management platform from Passy, an Italian company. A security vulnerability exists in Passy version 1.6.3 that originates from a specially crafted HTTP request and could lead to the execution of arbitrary commands...
CVE-2025-67397
An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection...
RHEL 6 : httpd (RHSA-2026:0074)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0074 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: Serve...
PT-2026-1326
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.445 Description Coolify is a self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters from docker-compose.yaml files are not properly sanitized when...
PT-2026-1325
Name of the Vulnerable Software and Affected Versions Passy version 1.6.3 Description A flaw exists in Passy that could allow a remote attacker to execute arbitrary commands. This can occur through the serial interface by sending a specific code sequence. Additionally, a remote authenticated...