22 matches found
CVE-2026-23920
Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands...
Arbitrary Code Injection
Overview: megatron-core is a Megatron Core - a library for efficient and scalable training of transformer based models. Affected versions of this package are vulnerable to Arbitrary Code Injection via the script process. An attacker can execute arbitrary code, escalate privileges, disclose...
EUVD-2025-200306
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, there are multiple XSS due to unsafe use of f-strings in Markup. The issue requires a malicious 3rd party server responding with a JSON document...
CVE-2025-23361
NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and da...
EUVD-2008-2706
Malware in sbrugna...
EUVD-2024-52672
Malicious code in bioql PyPI...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the /api/v2/hoverfly/middleware endpoint. An attacker can execute arbitrary system commands by supplying crafted input to the binary and script parameters, which are passed directly to command execution without...
CVE-2025-40746
A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V3.2. Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT...
CVE-2024-54794
The script input feature of SpagoBI 3.5.1 allows arbitrary code execution...
Engineering SpagoBI Command Injection Vulnerability
Engineering SpagoBI is an open source Business Intelligence suite based on the J2EE framework from the Italian company Engineering. The suite is mainly used to manage BI objects such as reports, scorecards, and data mining models, and to control, validate, verify, and distribute these BI objects...
PT-2025-1233 · Spagobi · Spagobi
Name of the Vulnerable Software and Affected Versions: SpagoBI version 3.5.1 Description: The issue is related to the script input feature of SpagoBI, which allows arbitrary code execution. This is due to the lack of measures to neutralize special elements used in the command input field...
camera-pi Security Vulnerability
camera-pi is a camera module by Michael Horne Personal Developer. A security vulnerability exists in camera-pi version 1.0, which stems from the mishandling of user input passed to the position GET parameter in the tilt.php script, which could allow an attacker to execute arbitrary commands by...
SUSE CVE-2022-29404
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size...
CVE-2020-3294 Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected...
XSS in User Macros, Macro Title and Icon URL
Summary: System Administrator is allowed to input JS/CSS in Macro Title and Icon URL in Macro Editor. The script input in the fields can be executed when a user opens the "Macro" selection window. How to reproduce: Go to "Edit User Macro" as Confluence Administrator. !Screen Shot 2018-06-14 at...
Cisco Application Policy Infrastructure Controller Command Injection Vulnerability
The Cisco Application Policy Infrastructure Controller (APIC) is a controller for automating the management of application-centric infrastructures (ACI) from Cisco. A command injection vulnerability exists in the system script file in Cisco APIC that stems from the program failing to adequately...
Easypx41 Multiple Variable Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/14421/info Easypx41 is prone to multiple variable injection vulnerabilities. An attacker can manipulate multiple script input variables and bypass access controls to retrieve sensitive and privileged information...