CVE-2022-36988

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server...

CVE-2022-45796

Command injection vulnerability in nwinterface.html in SHARP multifunction printers MFPs's Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System Monochrome 200 or...

CVE-2022-46414

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal...

CVE-2022-46413

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal...

CVE-2022-22375

IBM Security Verify Privilege On-Premises 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 221681...

CVE-2022-0415

Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6...

CVE-2022-44533

A vulnerability in the Aruba EdgeConnect Enterprise web management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complet...

CVE-2022-44534

A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system...

CVE-2019-3660

Improper Neutralization of HTTP requests in McAfee Advanced Threat Defense ATD prior to 4.8 allows remote authenticated attacker to execute commands on the server remotely via carefully constructed HTTP requests...

CVE-2025-20124 Cisco Identity Services Engine Java Deserialization Vulnerability

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit...

CVE-2024-52875

An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response...

CVE-2024-21623

OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...

CVE-2024-29204

A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands...

CVE-2024-23692

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment...

CVE-2024-32651

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection SSTI in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction...

CVE-2024-5672

A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command...

CVE-2024-49803

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request...

CVE-2024-36131

An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance...

CVE-2024-54006

Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities result in the ability of an attacker to execute arbitrary commands as a privileged...

CVE-2024-27976

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...