2659 matches found
CVE-2011-3626
Double free vulnerability in the prepareexec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file...
CVE-2019-20343
The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element within a plugin element can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element...
CVE-2019-10777
In aws-lambda versions prior to version 1.0.5, the "config.FunctionName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName"...
CVE-2019-10778
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable commonName controlled by user input is used as part of the exec function without any sanitization...
CVE-2019-10783
All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input...
CVE-2005-4779
verifiedexecioctl in verifiedexec.c in NetBSD 2.0.2 calls NDINIT with UIOUSERSPACE rather than UIDSYSSPACE, which removes the functionality of the verified exec kernel subsystem and might allow local users to execute Trojan horse programs...
CVE-1999-0955
Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command...
CVE-2025-4896
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/UserCongratulationsExec. The manipulation of the argument getuid leads to buffer overflow. The attack may be launched remotely. The exploit has...
CVE-2025-28056
rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component...
Arbitrary Code Injection
Overview: factool is a Factuality Detection for Generative AI. Affected versions of this package are vulnerable to Arbitrary Code Injection through the runsingle and run functions in the class pythonexecutor due to using the exec function to execute user-provided input without any form of validatio...
CVE-2025-22029
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-22029
CVE-2025-22029 is rejected by its CNA and is not an active vulnerability entry.
CVE-2025-32778
Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project Lissy93/web-check. The issue stems from user-controlled input url being passed unsanitized into a shell command using exec, allowing attackers t...
Deserialization of Untrusted Data
Overview: picklescan is a security scanner detecting Python Pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in scanner.py, which does not include numpy.testing.private.utils or other modules that can be leveraged for...
GHSA-VQ4P-PCHP-6G6V Apache Camel Missing Header Out Filter Leads to Potential Bypass/Injection Vulnerability
Bypass/Injection vulnerability in Apache Camel in Camel-Undertow component under particular conditions. This issue affects Apache Camel: from 4.10.0 before 4.10.3, from 4.8.0 before 4.8.6. Users are recommended to upgrade to version 4.10.3 for 4.10.x LTS and 4.8.6 for 4.8.x LTS. Camel undertow...
Remote Code Execution (RCE)
Overview: mcpadapt adapts MCP servers to many agentic frameworks. Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to unsanitized input in the SmolAgentsAdapter where untrusted MCP server responses are interpolated into a dynamic Python class via an exec call...
DEBIAN-CVE-2025-21889
In the Linux kernel, the following vulnerability has been resolved: perf/core: Add RCU read lock protection to perf_iterate_ctx(). The perf_iterate_ctx() function performs RCU list traversal but currently lacks RCU read lock protection. This causes lockdep warnings when running perf probe with unshare(1)...
adclaw (>=1.0.0 <=1.0.4), agentloop-sdk (>=0.3.0 <=0.4.0) +23 more potentially affected by CVE-2024-8524 via agentscope (>=1.0.10 <=1.0.19.post1)
agentscope PYPI version =1.0.10, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.1.0.post1, =0.2.0, =0.4.0, =0.1.6, =0.1.0, =0.1.2 and more Source cves: CVE-2024-8524 Source advisory: OSV:PYSEC-2025-83...