145 matches found
EUVD-2024-54976
Malicious code in bioql PyPI...
IBM Watsonx.data OS Command Injection Vulnerability
IBM Watsonx.data is an open data lake warehouse platform from International Business Machines IBM. An operating system command injection vulnerability exists in IBM Watsonx.data version 2.2 that stems from not properly validating user input and can be exploited by an attacker to cause a privilege...
CVE-2024-45325
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerabilities CWE-78 in Fortinet FortiDDoS-F version 7.0.0 through 7.02 and before 6.6.3 may allow a privileged attacker to execute unauthorized code or commands via crafted CLI requests...
CVE-2025-51966
A cross-site scripting XSS vulnerability exists in the PDF preview functionality of uTools thru 7.1.1. When a user previews a specially crafted PDF file, embedded JavaScript code executes within the application's privileged context, potentially allowing attackers to steal sensitive data or perfor...
HomeAssistant-Tapo: Cameras Control 代码注入漏洞
HomeAssistant-Tapo: Cameras Control is a Tapo camera controller by the individual developer Juraj Nyíri. A code injection vulnerability exists in HomeAssistant-Tapo: Cameras Control, which stems from a code injection vulnerability in the GitHub Actions workflow that could lead to the execution of...
CVE-2023-45584
A double free vulnerability CWE-415 vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.1, FortiProxy 7.2.0 through 7.2.7, FortiProxy 7.0.0...
CVE-2025-32766
A stack-based buffer overflow vulnerability CWE-121 in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands...
ALPINE-CVE-2025-27614
Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...
CVE-2025-34041 Sangfor Endpoint Detection and Response OS Command Injection
An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response EDR management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interfac...
IBM Cloud Pak for Security和IBM QRadar Suite 代码注入漏洞
IBM Cloud Pak for Security is a software application. An open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated action faster.IBM QRadar Suite is an integrated security information and event management SIEM solution for...
IBM Storage Scale 命令注入漏洞
IBM Storage Scale is a storage solution from International Business Machines IBM designed to help organizations effectively manage and scale storage resources to meet growing data storage needs. A command injection vulnerability exists in IBM Storage Scale versions 5.2.2.0 and 5.2.2.1 that stems...
CVE-2025-1951
IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges...
CVE-2024-54025
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests...
OpenDaylight SFC Allows Unauthorized Privileged Execution via Crafted Request
An issue in the Shiro-based RBAC Role-based Access Control mechanism of OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allows attackers to execute privileged operations via a crafted request...
Fedora: Security Advisory (FEDORA-2024-0cab161b46)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 40 : tuned (2024-0cab161b46)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-0cab161b46 advisory. This is new version that fixes CVE-2024-52336 and CVE-2024-52337 which allowed privileged execution by non-privileged active local user and log...
CVE-2024-28811
An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations...
HMS Networks HMS Cosy+ 安全漏洞
HMS Networks HMS Cosy+ is an application for industrial remote access from HMS Networks, Sweden. A security vulnerability exists in HMS Networks HMS Cosy+ that stems from the presence of insecure privileges to execute multiple processes with elevated privileges...
PT-2024-18752 · Libifaaca · Libifaaca
Name of the Vulnerable Software and Affected Versions: libIfaaCa versions prior to SMR Apr-2024 Release 1 Description: The issue is related to an out-of-bound write vulnerability in the command parsing implementation. This allows local privileged attackers to execute arbitrary code...
Mozilla: Privileged JavaScript Execution via Event Handlers
The Mozilla Foundation Security Advisory describes this flaw as: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process...