CVE-2026-5528

A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown part of the component HTTP Interface. Such manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may...

CVE-2019-7632

LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtusize parameter. The lifesize default password for the cli account may sometimes be used for authentication...

EUVD-2019-17165

Malware in sbrugna...

EUVD-2024-47324

Malicious code in bioql PyPI...

mcp-remote exposed to OS command injection via untrusted MCP server connections

mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorizationendpoint response URL...

CVE-2025-5444

A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RPUpgradeFWByBBS of the file /goform/RPUpgradeFWByBBS. The manipulation of...

CVE-2024-3721

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys=SOSTREAMAX. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. Th...

CVE-2025-1608

A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/setmanpwd. The manipulation of the argument routepwd leads to os command injection. It is possible to launch the attack remotely. The exploit has...

CVE-2025-1536

A vulnerability was found in Raisecom Multi-Service Intelligent Gateway up to 20250208. It has been declared as critical. This vulnerability affects unknown code of the file /vpn/vpntemplatestyle.php of the component Request Parameter Handler. The manipulation of the argument stylenum leads to os...

CVE-2024-4582

A vulnerability classified as critical has been found in Faraday GM8181 and GM828x up to 20240429. Affected is an unknown function of the component NTP Service. The manipulation of the argument ntpsrv leads to os command injection. It is possible to launch the attack remotely. The exploit has bee...

CVE-2024-0918

A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploi...

GHSA-HJ3W-WRH4-44VP LLama Factory Remote OS Command Injection Vulnerability

Summary A critical remote OS command injection vulnerability has been identified in the Llama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on the host system. The issue is caused by insecure...

LLama Factory Remote OS Command Injection Vulnerability

Summary A critical remote OS command injection vulnerability has been identified in the Llama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on the host system. The issue is caused by insecure...

CVE-2024-52803

LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...

CVE-2024-52803 LLama Factory Remote OS Command Injection Vulnerability

LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...

CVE-2024-52803

CVE-2024-52803 affects LLama Factory, where the training process is vulnerable to a remote OS command injection due to insecure use of Popen with shell=True and unsanitized user input. The issue allows an attacker to execute arbitrary OS commands on the host, with impact described as high for con...

CVE-2024-10915

CVE-2024-10915 affects D-Link NAS models DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. The vulnerability is in the function; the group parameter in the endpoint /cgi-bin/account_mgr.cgi?cmd=cgi_user_add can be manipulated to cause an OS command injection, enabling remote code execution...

CVE-2024-4509

CVE-2024-4509 affects Ruijie RG-UAC up to 20240428. The vulnerability is an OS command injection in the PHP endpoint /view/IPV6/naborTable/add_commit.php, triggered by manipulating the ip_addr/mac_addr arguments. It can be exploited remotely, and public disclosure of the exploit is noted. Affecte...

CVE-2024-4507

A vulnerability was found in Ruijie RG-UAC up to 20240428 and classified as critical. This issue affects some unknown processing of the file /view/IPV6/ipv6StaticRoute/staticrouteaddipv6.php. The manipulation of the argument textprefixlen/textgateway/devname leads to os command injection. The...

CVE-2024-4507

CVE-2024-4507 affects Ruijie RG-UAC (up to 20240428). The issue is an OS command injection in the web interface, triggered by manipulating parameters text_prefixlen, text_gateway, or devname in the PHP path /view/IPV6/ipv6StaticRoute/static_route_add_ipv6.php. Impact per sources: remote attacker ...