171 matches found
VulnCheck KEV: CVE-2026-28517
openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in reportnetworkmap.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec without validation or sanitization. If an attacker can modify the...
Access Control Bypass
Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Access Control Bypass via the exec function in the mindsdb/integrations/handlers/byomhandler/procwrapper.py component. An attacker can gain...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview vanna is a Generate SQL queries from natural language Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the exec function in the /src/vanna/legacy file. An attacker can execute arbitrar...
CVE-2026-4511
A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function exec of the file /src/vanna/legacy. Such manipulation leads to injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...
Vanna 安全漏洞
Vanna is a personalized AI SQL proxy from Vanna Corporation. Versions of vanna 2.0.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from an injection vulnerability in the exec function located in the src/vanna/legacy directory, which could allow for remote execution...
UBUNTU-CVE-2025-65791
ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function. NOTE: this is disputed by the Supplier because there is no unsanitized user input to web/views/image.php...
CVE-2025-65791
ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. The application passes unsanitized user input directly to the exec function...
CVE-2021-33949
An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function...
CVE-2025-66253 Unauthenticated OS Command Injection (start_upgrade.php)
Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...
CVE-2025-66253 Unauthenticated OS Command Injection (start_upgrade.php)
Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...
EUVD-2022-54962
In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting1 Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve2 be the name of a program, thus prohibiting a scenario...
EUVD-2021-0746
Malware in sbrugna...
EUVD-2007-1133
Malware in sbrugna...
EUVD-2020-0297
Malware in sbrugna...
EUVD-1999-0548
Malware in sbrugna...
EUVD-2020-14766
Malware in sbrugna...
EUVD-2021-0973
Malware in sbrugna...
EUVD-2020-0362
Malware in sbrugna...
EUVD-2025-11272
Malicious code in bioql PyPI...
CVE-2025-59046
The CVE-2025-59046 entry concerns the npm package interactive-git-checkout. Affected versions (up to and including 1.1.4) are vulnerable because the code passes the user-provided branch name directly to git checkout via Node.js child_process.exec() without input validation or sanitization, enabli...