15257 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-13574
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In lib/minimagick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly...
Linux Distros Unpatched Vulnerability : CVE-2025-32434
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In...
PT-2025-34939 · H3C · H3C Intelligent Management Center
Name of the Vulnerable Software and Affected Versions: H3C Intelligent Management Center IMC versions up to and including E0632H07. Description: H3C Intelligent Management Center IMC contains a remote command execution issue in the /byod/index.xhtml endpoint. Improper handling of the...
Linux Distros Unpatched Vulnerability : CVE-2021-29505
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has...
H3C Intelligent Management Center Security Vulnerability
H3C Intelligent Management Center is an integrated network management software platform from China's Xinhua San H3C. A security vulnerability exists in H3C Intelligent Management Center E0632H07 and prior versions, which stems from improper handling of JSF ViewState and could lead to remote comma...
Linux Distros Unpatched Vulnerability : CVE-2024-7110
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execut...
CVE-2025-50974
The Calamaris log exporter CGI /cgi-bin/logs.cgi/calamaris.dat in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell metacharacters in any of...
Linux Distros Unpatched Vulnerability : CVE-2020-14947
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mibfile in...
Linux Distros Unpatched Vulnerability : CVE-2017-12976
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated...
Linux Distros Unpatched Vulnerability : CVE-2009-4487
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly...
Linux Distros Unpatched Vulnerability : CVE-2009-4490
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly...
Linux Distros Unpatched Vulnerability : CVE-2011-1412
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sys/sysunix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game...
Linux Distros Unpatched Vulnerability : CVE-2008-7315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands. CVE-2008-7315 Note that Nessus relies on the presence of the package as report...
CVE-2011-10026
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitization allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...
ROS-20250821-03
A vulnerability in the Emacs text editor exists due to a failure to neutralize special elements. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary commands...
Linux Distros Unpatched Vulnerability : CVE-2009-4488
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly...
GHSA-X485-RHG3-CQR4 Spree Commerce is vulnerable to RCE through Search API
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitization allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...
Spree Commerce is vulnerable to RCE through Search API
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitization allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...
CVE-2011-10028
The RealNetworks RealArcade platform includes an ActiveX control InstallerDlg.dll, version 2.6.0.445 that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation...
CVE-2010-20103
A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows...