EUVD-2022-51280

Malicious code in bioql PyPI...

EUVD-2025-13911

Malicious code in bioql PyPI...

EUVD-2024-17606

Malicious code in bioql PyPI...

EUVD-2023-38253

Malicious code in bioql PyPI...

Command Injection

Overview adb-mcp is a MCP server for Android Debug Bridge ADB interactions in TypeScript Affected versions of this package are vulnerable to Command Injection via the executeAdbCommand function. An attacker can execute arbitrary system commands by supplying specially crafted input to the device...

Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9.

Summary Multiple vulnerabilities have been remediated in components used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang...

MCIR

The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. It is a collection of tools designed to demonstrate various types of code injection vulnerabilities, including SQL injection, XML/XPath/XSL injection, Cross-Site Scripting XSS, and shell...

CVE-2025-55211 FreePBX Post-Authenticated Command Injection

FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel ACP can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21...

CVE-2025-57633

A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftpfile parameter and executes it using os.system without sanitization ...

Linux Distros Unpatched Vulnerability : CVE-2008-7319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments e.g., invalid hostnames containing shell metacharacters before use ...

Linux Distros Unpatched Vulnerability : CVE-2019-8427

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters. CVE-2019-8427 Note that Nessus relies on...

CVE-2025-55583

Affected product: D-Link DIR-868L B1 router with firmware FW2.05WWB02. Vulnerability: unauthenticated OS command injection in fileaccess.cgi; endpoint /dws/api/UploadFile passes pre_api_arg directly to system-level shell without sanitization/authentication. Impact: remote command execution as roo...

CVE-2025-30056 Calling system commands via RunCommand

The RunCommand function accepts any parameter, which is then passed for execution in the shell. This allows an attacker to execute arbitrary code on the system...

CVE-2025-30056 Calling system commands via RunCommand

The RunCommand function accepts any parameter, which is then passed for execution in the shell. This allows an attacker to execute arbitrary code on the system...

CVE-2025-50974

The Calamaris log exporter CGI /cgi-bin/logs.cgi/calamaris.dat in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell metacharacters in any of...

CVE-2025-50974

The Calamaris log exporter CGI /cgi-bin/logs.cgi/calamaris.dat in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell metacharacters in any of...

CVE-2025-41451

Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command 'Command Injection' in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system...

CVE-2010-20059

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The execraw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation...

CVE-2010-20059

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The execraw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation...

CVE-2010-20059 FreeNAS < 0.7.2 rev 5543 exec_raw.php Arbitrary Command Execution

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The execraw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation...