37 matches found
EUVD-2020-19740
Malware in sbrugna...
EUVD-2022-40510
Malicious code in bioql PyPI...
EUVD-2023-44353
Malicious code in bioql PyPI...
EUVD-2023-26879
Malicious code in bioql PyPI...
EUVD-2023-26876
Malicious code in bioql PyPI...
EUVD-2023-26878
Malicious code in bioql PyPI...
CVE-2025-42963
A critical vulnerability in SAP NetWeaver Application Server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected...
CVE-2025-42963
The CVE-2025-42963 entry describes a critical issue in SAP NetWeaver Application Server for Java Log Viewer: authenticated administrators can exploit unsafe Java object deserialization to achieve full OS compromise, affecting confidentiality, integrity, and availability. The vulnerability is clas...
CVE-2025-42963 Insecure Deserialization in SAP NetWeaver Application Server for Java (Log Viewer)
A critical vulnerability in SAP NetWeaver Application Server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected...
CVE-2025-22398
Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root...
CVE-2020-27227
An exploitable unauthenticated command injection exists in OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific parameter to trigger this vulnerability, potentially allowin...
CVE-2024-47461 Authenticated Arbitrary Remote Command Execution (RCE) in Instant AOS-8 and AOS-10
An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to...
CVE-2024-42393 Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise...
CVE-2024-22443
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the...
CVE-2024-1520
The CVE-2024-1520 entry concerns an OS command injection in parisneo/lollms-webui, via improper validation of the discussion_id parameter on the /open_code_folder endpoint. Affected component is the web UI’s input handling, allowing an attacker to inject OS commands and achieve remote code execut...
CVE-2023-49329
Anomali Match (CVE-2023-49329) before 4.6.2 is vulnerable to OS Command Injection due to improper handling of untrusted input. An authenticated admin user can inject and execute operating system commands, potentially compromising the underlying OS. The earliest affected version is 4.3; fixed in 4...
CVE-2023-5762
The Filr WordPress plugin before 1.2.3.6 is vulnerable to a Remote Code Execution (RCE) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges...
Cross site scripting
ILIAS 7.25 2023-09-12 allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...
CVE-2023-40623
SAP BusinessObjects Suite Installer, versions 420 and 430, allows an attacker within the network to create a directory under the temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited...
PT-2023-25820 · Aruba · Aos-Cx
Name of the Vulnerable Software and Affected Versions: AOS-CX (affected versions not specified)
Description: An authenticated command injection issue exists in the command line interface, allowing successful exploitation to execute arbitrary commands on the underlying operating system as a privileg...