Malicious code in exec-concurrently-run-script-pm2 (npm)

The package exec-concurrently-run-script-pm2 was found to contain malicious code...

MAL-2025-19661 Malicious code in enif-version-exec-oauth (npm)

The package enif-version-exec-oauth was found to contain malicious code...

MAL-2025-22294 Malicious code in hawkingradiation-promise-exec-greatfilter (npm)

The package hawkingradiation-promise-exec-greatfilter was found to contain malicious code...

MAL-2025-21542 Malicious code in glaciology-query-fetch-exec (npm)

The package glaciology-query-fetch-exec was found to contain malicious code...

MAL-2025-21108 Malicious code in gacrux-iota-exec-shelljs (npm)

The package gacrux-iota-exec-shelljs was found to contain malicious code...

Malicious code in bpmn-exec (npm)

The package bpmn-exec was found to contain malicious code...

Malicious code in subduction-exec-mutation-betelgeuse (npm)

The package subduction-exec-mutation-betelgeuse was found to contain malicious code...

Malicious code in superflare-exec-selenium-gravitationalwave (npm)

The package superflare-exec-selenium-gravitationalwave was found to contain malicious code...

Malicious code in exec-thuban-australis-slidev (npm)

The package exec-thuban-australis-slidev was found to contain malicious code...

Malicious code in glaciology-query-fetch-exec (npm)

The package glaciology-query-fetch-exec was found to contain malicious code...

MAL-2025-20041 Malicious code in exec-mineralogy-command-nightwatch (npm)

The package exec-mineralogy-command-nightwatch was found to contain malicious code...

MAL-2025-20040 Malicious code in exec-less-request-cosmicweb (npm)

The package exec-less-request-cosmicweb was found to contain malicious code...

MAL-2025-16352 Malicious code in bunyan-exec-bootstrap-cz-conventional-changelog (npm)

The package bunyan-exec-bootstrap-cz-conventional-changelog was found to contain malicious code...

CVE-2025-7353

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow...

CVE-2012-10039

ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec call without sanitation. An authenticated attacker can inject arbitrary shell commands, resulting in remote code executio...

Linux Distros Unpatched Vulnerability : CVE-2021-32635

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, singularity action commands run/shell/exec...

CVE-2012-10037

PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No...

CVE-2012-10037 PhpTax pfilez Parameter Exec Remote Code Injection

PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No...

Arbitrary Command Injection

Overview mcp-package-docs is an An MCP server that provides LLMs with efficient access to package documentation across multiple programming languages Affected versions of this package are vulnerable to Arbitrary Command Injection via unsanitized input passed to the exec function. An attacker can...

Command Injection

Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Command Injection via the function parsecmd in the class ExecPP, which the --exec process on Windows uses with the default placeholder. An attacker can execute arbitrar...