EUVD-2022-15520

Malicious code in bioql PyPI...

EUVD-2023-31711

Malicious code in bioql PyPI...

EUVD-2025-25810

Malicious code in bioql PyPI...

EUVD-2022-0003

Malicious code in bioql PyPI...

EUVD-2021-29348

Malicious code in bioql PyPI...

EUVD-2023-32478

Malicious code in bioql PyPI...

EUVD-2022-51038

Malicious code in bioql PyPI...

EUVD-2022-51280

Malicious code in bioql PyPI...

EUVD-2022-52946

Malicious code in bioql PyPI...

EUVD-2024-0536

Malicious code in bioql PyPI...

EUVD-2023-30292

Malicious code in bioql PyPI...

EUVD-2024-44345

Malicious code in bioql PyPI...

EUVD-2025-13911

Malicious code in bioql PyPI...

EUVD-2023-38253

Malicious code in bioql PyPI...

EUVD-2024-17606

Malicious code in bioql PyPI...

Command Injection

Overview adb-mcp is a MCP server for Android Debug Bridge ADB interactions in TypeScript Affected versions of this package are vulnerable to Command Injection via the executeAdbCommand function. An attacker can execute arbitrary system commands by supplying specially crafted input to the device...

Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9.

Summary Multiple vulnerabilities have been remediated in components used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang...

MCIR

The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. It is a collection of tools designed to demonstrate various types of code injection vulnerabilities, including SQL injection, XML/XPath/XSL injection, Cross-Site Scripting XSS, and shell...

CVE-2025-55211 FreePBX Post-Authenticated Command Injection

FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel ACP can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21...

CVE-2025-57633

A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftpfile parameter and executes it using os.system without sanitization ...