19640 matches found
CVE-2021-47836
Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowin...
CVE-2025-60021
Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...
CVE-2025-60021
Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...
CVE-2025-60021 Apache bRPC: Remote command injection vulnerability in heap builtin service
Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...
CVE-2025-60021 Apache bRPC: Remote command injection vulnerability in heap builtin service
Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...
CVE-2025-60021
Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...
CVE-2025-60021
Apache bRPC CVE-2025-60021 is a remote command injection in the heap profiler built-in service (/pprof/heap) affecting all versions
MiracleLinux 7 : emacs-24.3-20.el7 (AXSA:2017-2282:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-2282:02 advisory. A command injection flaw within the Emacs enriched mode handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file...
CVE-2021-47758
Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables...
PT-2026-3034
Name of the Vulnerable Software and Affected Versions Chikitsa Patient Management System version 2.0.2 Description The software contains an authenticated remote code execution issue. Attackers can upload malicious PHP plugins through the module upload functionality. Authenticated attackers can...
Linux Distros Unpatched Vulnerability : CVE-2023-54335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers...
PT-2026-5234
Name of the Vulnerable Software and Affected Versions Totolink A7000R version 4.1cu.4154 Description A flaw exists in Totolink A7000R version 4.1cu.4154 that allows for command injection. The issue is located in the CloudACMunualUpdateUserdata function within the /cgi-bin/cstecgi.cgi file...
CVE-2022-50806
4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the template and execute arbitrary commands by accessing a specific categories.php...
VMware Spring CLI VSCode Extension 安全漏洞
VMware Spring CLI VSCode Extension is a Visual Studio Code add-in from VMware, Inc. A security vulnerability exists in VMware Spring CLI VSCode Extension that originates from command injection and could lead to the execution of commands on a user's machine...
MiracleLinux 3 : logwatch-7.3-9.AXS3 (AXSA:2011-82:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-82:01 advisory. Logwatch is a customizable, pluggable log-monitoring system. It will go through your logs for a given period of time and make a report in the areas that you wi...
Fortinet FortiSIEM Unauthenticated Remote Command Injection (FG-IR-25-772)
The version of Fortinet FortiSIEM running on the remote server is 6.7.x through 6.7.10, 7.0.x through 7.0.4, 7.1.x prior to 7.1.9, 7.2.x prior to 7.2.7, 7.3.x prior to 7.3.5, or 7.4.0. It is, therefore, affected by an unauthenticated remote command injection vulnerability: - An improper...
MiracleLinux 4 : bind-9.7.3-2.2.0.1.AXS4.P3 (AXSA:2011-406:01)
"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-406:01 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves ho...
MiracleLinux 4 : xorg-x11-server-utils-7.4-15.AXS4.1 (AXSA:2011-155:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-155:01 advisory. A collection of utilities used to tweak and query the runtime configuration of the X server Security issues fixed with this release; CVE-2011-0465 xrdb.c in...
CVE-2023-54335
eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...
CVE-2023-54339
Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27'...