33 matches found
EUVD-2018-21786
ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system...
CVE-2017-20221
The connected docs confirm a CSRF vulnerability in Telesquare SKT LTE Router SDT-CS3B1 (fw v1.2.0). Authenticated attackers can abuse missing request validation to cause arbitrary system command execution with router privileges by visiting a malicious page that triggers administrative actions. Th...
PT-2026-24241
A vulnerability in the firmware of Fortinet FortiSwitchAXFixed switches is related to access control flaws. Exploitation of the vulnerability may allow an attacker to execute arbitrary system commands using a specially crafted SSH configuration file...
EUVD-2020-31045
Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters...
CVE-2020-37123
CVE-2020-37123 (Pinger 1.0) : A remote code execution vulnerability exists in Pinger 1.0 allowing attackers to inject shell commands via unsanitized inputs in ping.php, enabling arbitrary PHP file creation and command execution. Exploitation is network-based with no authentication or user interac...
CVE-2020-37032
Wing FTP Server 6.3.8 is affected by a remote code execution flaw in the Lua-based web console. The issue allows authenticated users to send crafted POST requests that trigger operating system commands via os.execute(), enabling arbitrary code execution on the server. Affected component: Lua-base...
CVE-2025-31342
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file...
EUVD-2018-5266
Malware in sbrugna...
CVE-2025-53970
CVE-2025-53970 affects SS1 versions 16.0.0.10 and earlier (Media 16.0.0a and earlier) from DOS Co., Ltd. A remote unauthenticated attacker can upload arbitrary files and execute OS commands with SYSTEM privileges. Multiple sources (NVD, Red Hat, JVN, CIRCL, PT Security, etc.) corroborate the vuln...
CVE-2025-53970
SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges...
PT-2024-17692 · SmartRobot · SmartRobot's Conversational AI Platform
Name of the Vulnerable Software and Affected Versions: SmartRobot's Conversational AI Platform versions prior to 7.2.0 Description: A Code Injection vulnerability exists in the groovy script function of SmartRobot's Conversational AI Platform, allowing remote authenticated users to perform...
CVE-2024-28138
Summary of CVE-2024-28138 : An unauthenticated attacker with network access to the affected device’s web interface can execute arbitrary system commands via the image processing script (msg_events.php / msg events.php) because the HTTP GET parameter data is not properly sanitized. This allows com...
CHANGING Mobile One Time Password Code Issue Vulnerability
CHANGING Mobile One Time Password is a password management application from the Chinese company CHANGING Mobile. It is used to set one-time passwords for authentication or transactions. A code issue vulnerability exists in CHANGING Mobile One Time Password, which stems from the upload function on...
PT-2024-26892 · Unknown · WRC-X5400GSA-B
Name of the Vulnerable Software and Affected Versions: WRC-X5400GS-B versions 1.0.10 and earlier WRC-X5400GSA-B versions 1.0.10 and earlier Description: The issue allows a network-adjacent attacker with administrative privilege to execute arbitrary OS commands by sending a specially crafted reque...
Ivanti Avalanche Security Vulnerability
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche prior to version 6.4.3, which stems from a path traversal...
CVE-2023-38030
CVE-2023-38030 affects Saho ADM100 and ADM-100FP devices. The vulnerability is missing authentication for critical functions, enabling an unauthenticated remote attacker to execute system commands via partial URLs and read sensitive device information. Affected versions are not specified in the p...
The vulnerability of the Python programming language interpreter arises from memory management errors after memory is freed, allowing attackers to execute operating system commands.
The vulnerability of the Python programming language interpreter arises from a mistake in memory management after the memory is freed. Exploiting this vulnerability allows an attacker to execute operating system commands through the Python interpreter, bypassing the standard mechanism for importi...
SQL injection
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in HandlerTCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
buildah: Default inheritable capabilities for linux container should be empty
A flaw was found in buildah, where containers were incorrectly started with non-empty default permissions. A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs wi...
SQL injection
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...