32 matches found
Astra Linux - vulnerability in redis
Redis is an in-memory database that persists data on disk. A vulnerability exists starting from version 2.2, and is related to out-of-bounds reads and integer overflow leading to buffer overflow. This vulnerability is present in versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, the Redis BIT...
CVE-2026-20008 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Lua Code Injection Vulnerability
A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to craft Lua code that could be used on the underlying operating...
CVE-2023-40531
Archer AX6000 firmware versions prior to 'Archer AX6000JPV11.3.0 Build 20221208' allows a network-adjacent authenticated attacker to execute arbitrary OS commands...
EUVD-2006-5661
Malware in sbrugna...
EUVD-2018-0401
Malware in sbrugna...
EUVD-2005-3099
Malware in sbrugna...
EUVD-2012-4021
Malware in sbrugna...
EUVD-2018-1447
Malware in sbrugna...
EUVD-2013-3402
Malware in sbrugna...
EUVD-2021-2441
Malware in sbrugna...
EUVD-2017-3204
Malware in sbrugna...
EUVD-2023-34242
Malicious code in bioql PyPI...
EUVD-2022-0754
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2015-8966
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW...
CVE-2025-5826 Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability
Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not...
CVE-2025-47780 cli_permissions.conf: deny option does not work for disallowing shell commands
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring...
CVE-2019-20217
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attack...
CVE-2025-1731
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...
Arbitrary Code Execution
langchain is vulnerable to Arbitrary Code Execution. The vulnerability is caused by improper input sanitization in the prompt parameter, which could allow an attacker to execute arbitrary commands on the victim's system...
CVE-2022-40635
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass...