19 matches found
CVE-2025-69212
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a...
PT-2026-5046
Name of the Vulnerable Software and Affected Versions: Dokploy versions prior to 0.26.6. Description: Dokploy is a Platform as a Service (PaaS). A command injection issue exists in versions prior to 0.26.6 within the /docker-container-terminal WebSocket endpoint. The containerId and activeWay paramete...
EulerOS Virtualization 2.13.1 : samba (EulerOS-SA-2025-2631)
According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A vulnerability has been found in Samba File Transfer Software (the affected version is unknown) and classified as critical. The CWE...
CVE-2025-66401 MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL
MCP Watch is a comprehensive security scanner for Model Context Protocol (MCP) servers. In 0.1.2 and earlier, the MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via...
OESA-2025-2511 samba security update
Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: A vulnerability has been found in Samba File Transfer Software (the affected version is unknown) and classified as critical. The CWE definition for the vulnerability is CWE-77. The product constructs all or...
EUVD-2025-4380
Malicious code in bioql PyPI...
EUVD-2024-33117
Malicious code in bioql PyPI...
EUVD-2025-8042
Malicious code in bioql PyPI...
EUVD-2024-33935
Malicious code in bioql PyPI...
EUVD-2024-27931
Malicious code in bioql PyPI...
15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652)
A new report by VulnCheck exposes a critical command injection flaw (CVE-2025-53652) in the Jenkins Git Parameter plugin...
CVE-2025-8697
A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. This issue affects the function StdioServerParameters of the component MCPSessionManager/MCPTool/MCPToolkit. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has be...
CVE-2025-5606
The CVE-2025-5606 entry affects Tenda AC18, version 15.03.05.05, with a vulnerability in the formSetIptv function of /goform/SetIPTVCfg. The manipulation of the list/argument list enables command injection and can be exploited remotely. Several connected sources confirm a remote, network-exposed ...
CVE-2024-5355
A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Th...
CVE-2024-11655
A vulnerability classified as critical was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. This vulnerability affects unknown code of the file /admin/network/diagpinginterface. The manipulation of the argument diagping leads to command injection. The attack can be initiated...
CVE-2024-10919
A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cov/triggerUnitCover. The manipulation of the argument uuid leads to os command injection. The attack can be launched remotely. The exploit h...
CVE-2025-4340
A vulnerability classified as critical has been found in D-Link DIR-890L and DIR-806A1 up to 100CNb11/108B03. Affected is the function sub175C8 of the file /htdocs/soap.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed t...
CVE-2024-7436 D-Link DI-8100 msp_info.htm msp_info_htm command injection
A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to t...
OESA-2024-1521 atril security update
Mate-document-viewer is a simple document viewer. It can display and print Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS), DVI, DJVU, epub and XPS files. When supported by the document format, mate-document-viewer allows searching for text, copying text to the clipboard,...