17 matches found
EUVD-2022-25979
Malicious code in bioql PyPI...
EUVD-2023-34301
Malicious code in bioql PyPI...
EUVD-2025-25882
Malicious code in bioql PyPI...
CVE-2025-9244 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 addStaticRoute os command injection
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation of the argument...
CVE-2023-47295
A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings...
CVE-2025-34029 Edimax EW-7438RPn Mini OS Command Injection via syscmd.asp
An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell...
CVE-2025-32459
CVE-2025-32459 concerns the Quantenna Wi‑Fi chipset, whose local control script router_command.sh is vulnerable to command injection (CWE-88) via the sync_time argument. Affected product: Quantenna Wi‑Fi chipset up to SDK version 8.0.0.28. Root cause: improper neutralization of...
CVE-2021-41282
diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...
CVE-2025-3579
In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open registry, could execute unauthorised commands within the system. This includes executing operating system Unix commands, interacting with internal services such as PHP or MySQL, and even invoking native...
CVE-2025-1244 Emacs: shell injection vulnerability in gnu emacs via custom "man" uri scheme
A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect...
PT-2025-6477
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.3, PostgreSQL versions prior to 16.7, PostgreSQL versions prior to 15.11, PostgreSQL versions prior to 14.16, PostgreSQL versions prior to 13.19. Description: The issue is related to improper neutralization of quoting...
WAVLINK AC3000 internet.cgi set_add_routing function dest parameter command injection vulnerability
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the internet.cgi set_add_routing function's dest parameter failing to properly filter constructed command special character...
CVE-2024-53407
Phiewer 4.1.0 is affected by a dylib injection vulnerability that leads to command execution. An attacker can inject an arbitrary dylib, potentially enabling remote control ...
CVE-2024-47484
Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. An unauthenticated attacker with remote access could potentially exploit this...
EUVD-2024-27306
A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.85220230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be...
PT-2021-7624
Name of the Vulnerable Software and Affected Versions: Ansible (affected versions not specified). Description: A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in...
Joomla! Component Flip Wall 8.0 - wallid SQL Injection
Exploit Title: Joomla! Component Flip Wall 8.0 - SQL Injection | Dork: N/A | Date: 21.08.2017 | Vendor Homepage: http://pulseextensions.com/ | Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/sponsors/flip-wall/ | Demo...