CVE-2025-61489

A command injection vulnerability in the shellexec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string...

CVE-2025-63680

Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...