PT-2026-1825
Name of the Vulnerable Software and Affected Versions sonirico mcp-shell version 0.3.1 Description A command injection issue exists in the shell exec function. An attacker can execute arbitrary commands by providing a specially crafted command string. The issue affects the shell exec function...
EUVD-2025-199260
Malicious code in shell-exec npm...
@abtnode/blocklet-services (>=1.16.6 <=1.17.12-beta-20260422-093007-b389a838), @abtnode/cli (>=1.0.0 <=1.16.34-beta-20241113-102431-65542b84) +445 more potentially affected by unknown CVE via shell-exec (>=1.0.2 <=1.1.2)
shell-exec NPM version =1.0.2, =1.16.6, =1.0.0, =1.16.6, =1.0.0, =0.3.35, =1.5.0, =0.0.0-beta.0, =0.0.0, =2.49.0, =1.0.0, =2.0.0-0, =2.0.0-0, =1.0.16, =1.0.0, =1.2.1, =1.3.16 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-191424...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
@abtnode/blocklet-services (>=1.16.6 <=1.17.12-beta-20260422-093007-b389a838), @abtnode/cli (>=1.0.0 <=1.16.34-beta-20241113-102431-65542b84) +445 more potentially affected by unknown CVE via shell-exec (>=1.0.2 <=1.1.2)
shell-exec NPM version =1.0.2, =1.16.6, =1.0.0, =1.16.6, =1.0.0, =0.3.35, =1.5.0, =0.0.0-beta.0, =0.0.0, =2.49.0, =1.0.0, =2.0.0-0, =2.0.0-0, =1.0.16, =1.0.0, =1.2.1, =1.3.16 and more Source cves: unknown CVE Source advisory: SNYK:JS-SHELLEXEC-14103722...
Linux Distros Unpatched Vulnerability : CVE-2021-32635
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Singularity is an open source container platform. In versions 3.7.2 and 3.7.3, due to incorrect use of a default URL, singularity action commands run/shell/exec...
PT-2024-22790 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.128 Description: FreeScout is a self-hosted help desk and shared mailbox. The issue concerns OS Command Injection in the /public/tools.php source file. The value of the php path parameter is being executed as a...
Authentication Bypass
zoneminder is vulnerable to Authentication Bypass. The vulnerability exists due to the improper permissions check on the snapshot action, which trigger ends up calling shellexec using the supplied Id, allowing an attacker to bypass the authorization mechanism by injecting and executing malicious...
GHSA-6722-XVQ8-3254 SketchSVG Arbitrary Code Injection vulnerability
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string...
Command injection
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string...
CVE-2021-44981
In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by...
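PfSense Command Injection Vulnerability
Vulnerability overview: This vulnerability is tracked as CVE-2014-4688 and exists in PfSense 2.1.3 and earlier versions. It stems from the PHP code not strictly validating user-supplied input, so that malicious input reaching a command execution function has serious consequences. Three script files are affected by this vulnerability: diagdns.php, diagsmart.php, and statusrrdgraphimg.php. Vulnerability analysis: In diagdns.php, the host value submitted by the user is processed and then passed into the dig variable for execution. An attacker can execute arbitrary commands by crafting the host value...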
e-Commerce Vision Design Group Code injection Vulnerability
Exploit for php platform in category web applications Exploit Title: e-Commerce Vision Design Group Code injection Date: 10/09/2014 Exploit Author: MindCracker - Team MaDLeeTs Contact : email protected | FB.Com/Pakistani1337 Greetz : KhantastiC - b0x - 1337 - H4x0rl1f3 - Shadow008 - Invectus...