19628 matches found
CVE-2025-64111
Summary: CVE-2025-64111 affects Gogs prior to 0.13.4 and 0.14.0+dev, where an insufficient patch for CVE-2024-56731 lets an attacker update files in the .git directory via the API router and achieve remote code execution (RCE). Documents confirm the root cause relates to UpdateRepoFile checks inv...
Malicious code in gridifies (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5b003711060bdfd51eddae8b2ec6fc00313aee8bb480e9017b5ad5d03dbf567c Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
CVE-2026-2000
A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function applyconfig of the file /function/system/basic/bridgecfg.php of the component Web Management Backend. Performing a manipulation of the argument iplist results in command injection. The attack is possible to be...
CVE-2026-2000
A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function applyconfig of the file /function/system/basic/bridgecfg.php of the component Web Management Backend. Performing a manipulation of the argument iplist results in command injection. The attack is possible to be...
EUVD-2026-5693
A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function applyconfig of the file /function/system/basic/bridgecfg.php of the component Web Management Backend. Performing a manipulation of the argument iplist results in command injection. The attack is possible to be...
CVE-2026-2000 DCN DCME-320 Web Management Backend bridge_cfg.php apply_config command injection
A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function applyconfig of the file /function/system/basic/bridgecfg.php of the component Web Management Backend. Performing a manipulation of the argument iplist results in command injection. The attack is possible to be...
CVE-2026-2000
CVE-2026-2000 affects DCN DCME-320 Web Management Backend. The vulnerability is in apply_config() handling of the ip_list argument in /function/system/basic/bridge_cfg.php, where manipulation leads to command injection. It is remotely exploitable and exploits have been published. Public reports (...
CVE-2026-2000
A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function applyconfig of the file /function/system/basic/bridgecfg.php of the component Web Management Backend. Performing a manipulation of the argument iplist results in command injection. The attack is possible to be...
CVE-2026-25157
OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...
PT-2026-6760
Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in the D-Link DIR-823X version 250416 that allows for operating system command injection. This is due to a manipulation possibility within the sub 424D20 function of the /goform/set ipv6...
PT-2026-6784
Name of the Vulnerable Software and Affected Versions Frigate versions prior to 0.16.4 Description Frigate is a network video recorder NVR with realtime local object detection for IP cameras. A critical Remote Command Execution RCE issue exists in the Frigate integration with go2rtc. The...
PT-2026-6775
Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A security flaw exists in the D-Link DIR-823X version 250416. The issue is located in the Web Management Interface, specifically within the file /goform/set ac server. Manipulation of the ac server...
PT-2026-6745
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.13.4 Gogs versions 0.14.0+dev Description Gogs, a self-hosted Git service, is affected by a critical remote code execution RCE issue. This issue allows attackers to rewrite the .git/config file via an API, potentially...
Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 CVSS score: 9.4, is the result of inadequate sanitization that bypasse...
Edimax EW-7438RPn-v3 Mini 操作系统命令注入漏洞
The Edimax EW-7438RPn-v3 Mini is a mini wireless signal extender produced by Edimax of Taiwan, China. Version 1.27 of the Edimax EW-7438RPn-v3 Mini has a vulnerability related to operating system command injection. This vulnerability stems from remote command execution at the /goform/mp endpoint,...
CVE-2026-25049 n8n Has an Expression Escape Vulnerability Leading to RCE
n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue h...
Maltrail <=0.54 Username Parameter - Remote Command Execution
Maltrail versions =0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. id: CVE-2025-34073 info: name: Maltrail =0.54 Username Parameter - Remote Command Execution author: SeungAh-Hong severity: critical...
Digiever DS-2105 Pro - Command Injection
Digiever DS-2105 Pro 3.1.0.71-11 contains a command injection caused by unsanitized input in timetzsetup.cgi, letting attackers execute arbitrary commands remotely, exploit requires no authentication. id: CVE-2023-52163 info: name: Digiever DS-2105 Pro - Command Injection author: rajesh-social-te...
GoAnywhere - Authentication Bypass
Fortra GoAnywhere MFT contains an insecure deserialization vulnerability in the License Servlet caused by deserializing attacker-controlled objects with a valid forged license response signature, letting attackers perform command injection, exploit requires valid forged license signature. id:...
Group Office 操作系统命令注入漏洞
Group Office is a modular office suite developed by the Dutch company Group Office. Versions of Group Office prior to 6.8.150, 25.0.82, and 26.0.5 contained an operating system command injection vulnerability. This vulnerability stemmed from improper parameter concatenation in the...