CVE-2025-22408

CVE-2025-22408 affects Google Android in the rfc_check_send_cmd function of rfc_utils.cc, caused by a use-after-free; this enables remote code execution with no extra privileges and without user interaction. Public documents confirm the issue as a System-level vulnerability in Android, with CVSS ...

CVE-2025-22406

In bnepuchecksendpacket of bneputils.cc, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Linux Distros Unpatched Vulnerability : CVE-2022-24918

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user can create a link with reflected Javascript code inside it for items' page and send it to other users. The payload can be executed only wi...

CVE-2011-10026

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

GHSA-X485-RHG3-CQR4 Spree Commerce is vulnerable to RCE through Search API

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

Arbitrary Code Injection

Overview rdsearchlogic is a Searchlogic makes using ActiveRecord named scopes easier and less repetitive. Affected versions of this package are vulnerable to Arbitrary Code Injection via the searchinstanceeval parameter, which is dynamically invoked using the send method. An attacker can execute...

CVE-2011-10026

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

CVE-2011-10026 Spreecommerce < 0.50.x API RCE

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

PT-2025-34107 · Undefined · Undefined

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstance eval parameter, which is dynamically invoked using Ruby’s send method. Th...

Spree Commerce is vulnerable to RCE through Search API

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

Spree Commerce is vulnerable to RCE through Search API

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

CVE-2025-38548

In the Linux kernel, the following vulnerability has been resolved: hwmon: corsair-cpro Validate the size of the received input buffer Add bufferrecvsize to store the size of the received bytes. Validate bufferrecvsize in sendusbcmd...

SUSE CVE-2025-38548

In the Linux kernel, the following vulnerability has been resolved: hwmon: corsair-cpro Validate the size of the received input buffer Add bufferrecvsize to store the size of the received bytes. Validate bufferrecvsize in sendusbcmd...

DEBIAN-CVE-2025-38548

In the Linux kernel, the following vulnerability has been resolved: hwmon: corsair-cpro Validate the size of the received input buffer Add bufferrecvsize to store the size of the received bytes. Validate bufferrecvsize in sendusbcmd...

CVE-2025-55284

Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires th...

CVE-2011-10019

Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...

CVE-2025-8927

A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/sendcode of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction of excessive authentication attempts. The...

Linux Distros Unpatched Vulnerability : CVE-2021-47069

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry domqtimedreceive...

Malicious code in database-update-send-email (npm)

The package database-update-send-email was found to contain malicious code...

Malicious code in send-alimail (npm)

The package send-alimail was found to contain malicious code...