14193 matches found

CNNVD
added 2025/10/23 12:00 a.m., 3 views

Veeder-Root TLS4B Automatic Tank Gauge System Command Injection Vulnerability

Veeder-Root TLS4B Automatic Tank Gauge System is a security management system for gas stations, tank farms, or industrial storage tanks from Veeder-Root, Inc. The Veeder-Root TLS4B Automatic Tank Gauge System suffers from a command injection vulnerability that stems from the SOAP interface being...

CVSS 9.9, AI score 7.6, EPSS 0.01379
Exploits: 0, References: 4
VulnCheck KEV
added 2025/10/23 12:00 a.m., 2 views

VulnCheck KEV: CVE-2022-1703

Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack...

CVSS 9, AI score 6, EPSS 0.04079
In wild, Exploits: 0, References: 2
Positive Technologies
added 2025/10/21 12:00 a.m., 2 views

PT-2025-42823

Name of the Vulnerable Software and Affected Versions: TP-Link Omada Gateway, affected versions not specified. Description: An arbitrary OS command may be executed by a remote attacker. An unauthenticated attacker can potentially execute commands on the system. The issue allows for remote command...

CVSS 10, AI score 7.9, EPSS 0.00146
Exploits: 0, References: 25
Vulnrichment
added 2025/10/20 9:14 p.m., 1 views

CVE-2018-25118 GeoVision Command Injection RCE via /PictureCatch.cgi

GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has...

CVSS 10, AI score 8, EPSS 0.00599
Exploits: 0, References: 5
CVE
added 2025/10/20 9:14 p.m., 20 views

CVE-2018-25118

CVE-2018-25118 Affected products (from provided docs): GeoVision GV-BX1500 and GV-MFD1501 IP cameras. The vulnerability is a remote command injection via the endpoint /PictureCatch.cgi that allows an attacker to execute arbitrary commands on the device. The vendor notes these models are end-of-li...

CVSS 10, AI score 8, EPSS 0.00599
In wild, Exploits: 0, References: 5
NVD
added 2025/10/20 8:15 a.m., 1 views

CVE-2025-31342

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file...

CVSS 9.3, EPSS 0.00071
Exploits: 0, References: 1
Cvelist
added 2025/10/20 7:56 a.m., 7 views

CVE-2025-31342 Galaxy Software Services Vitals ESP Forum Module - Unrestricted Upload of File with Dangerous Type

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file...

CVSS 9.3, EPSS 0.00071
Exploits: 0, References: 1
GithubExploit
added 2025/10/19 6:08 p.m., 282 views

Exploit for CVE-2025-1094

🛠️ CVE-2025-1094 Lab Setup ⚠️ Disclaimer This lab i...

CVSS 8.1, AI score 8.6, EPSS 0.82364
Exploits: 10
Snyk
added 2025/10/18 3:44 p.m., 1 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the Management and Monitoring REST API when processing GET requests. An attacker can execute arbitrary commands on the target system by tricking an authenticated user into submitting malicious request...

CVSS 8.8, AI score 7.5, EPSS 0.00025
Exploits: 0, References: 2
Cvelist
added 2025/10/17 3:50 a.m., 9 views

CVE-2025-11900 HGiga|iSherlock - OS Command Injection

The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server...

CVSS 9.8, EPSS 0.00413
Exploits: 0, References: 2
CNNVD
added 2025/10/17 12:00 a.m., 2 views

HGiga iSherlock OS Command Injection Vulnerability

HGiga iSherlock is a series of software products from China Henderson HGiga. HGiga iSherlock suffers from an operating system command injection vulnerability that originates from an unauthenticated, remote attacker who can inject arbitrary OS commands and execute them on the server, potentially...

CVSS 9.8, AI score 8.2, EPSS 0.00413
Exploits: 0, References: 2
Github Security Blog
added 2025/10/16 8:48 p.m., 4 views

bagisto has CSV Formula Injection in Create New Product

Summary: When product data that begins with a spreadsheet formula character (for example =, +, -, or @) is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadsheet will interpret that cell as a formula. This allows an attacker to supply a CSV field e.g.,...

CVSS 8.5, AI score 7.2, EPSS 0.00173
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2025/10/16 8:48 p.m., 1 views

GHSA-JQRP-58FV-W8CQ bagisto has CSV Formula Injection in Create New Product

Summary: When product data that begins with a spreadsheet formula character (for example =, +, -, or @) is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadsheet will interpret that cell as a formula. This allows an attacker to supply a CSV field e.g.,...

CVSS 9, AI score 7.2, EPSS 0.00173
Exploits: 1, References: 3
OSV
added 2025/10/16 6:32 p.m., 1 views

CVE-2025-62417 bagisto - CSV Formula Injection in Create New Product

Bagisto is an open source Laravel eCommerce platform. When product data that begins with a spreadsheet formula character (for example =, +, -, or @) is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadsheet will interpret that cell as a formula. This...

CVSS 8.5, AI score 7.1, EPSS 0.00173
Exploits: 1, References: 3
RedhatCVE
added 2025/10/16 2:51 p.m., 4 views

CVE-2025-59481

A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful exploit can allow the attacker to cross a security...

CVSS 9.1, AI score 7.3, EPSS 0.00061
Exploits: 0, References: 1
CNNVD
added 2025/10/16 12:00 a.m., 1 views

Webkul Software Bagisto Security Vulnerability

Webkul Software Bagisto is an open source e-commerce framework from Webkul Software, India. A security vulnerability exists in Webkul Software Bagisto versions prior to 2.3.8, which stems from incorrect handling of spreadsheet formula characters and could lead to data exfiltration and remote...

CVSS 8.5, AI score 6.9, EPSS 0.00173
Exploits: 1, References: 2
RedhatCVE
added 2025/10/15 4:44 p.m., 4 views

CVE-2025-10243

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVSS 7.2, AI score 8, EPSS 0.09233
Exploits: 0, References: 1
RedhatCVE
added 2025/10/15 4:43 p.m., 3 views

CVE-2025-37146

A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

CVSS 7.2, AI score 7.8, EPSS 0.0029
Exploits: 0, References: 1
RedhatCVE
added 2025/10/15 12:47 p.m., 7 views

CVE-2025-10230

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

CVSS 10, AI score 6.8, EPSS 0.00486
Exploits: 2, References: 4
OSV
added 2025/10/15 12:00 a.m., 0 views

UBUNTU-CVE-2025-10230

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

CVSS 10, AI score 7.4, EPSS 0.00486
Exploits: 2, References: 4