Viessmann Vitogate 300 - Remote Code Execution

In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. id: CVE-2023-45852 info: name: Viessmann Vitogate 300 - Remote Code Execution autho...

Enigma NMS < 65.0.0 - Authenticated OS Command Injection

An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an authenticated attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action. id:...

Websvn <2.6.1 - Remote Code Execution

WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. id: CVE-2021-32305 info: name: Websvn 2.6.1 - Remote Code Execution author: gy741 severity: critical description: WebSVN before 2.6.1 allows remote attackers to execute...

OpenDreambox 2.0.0 - Remote Code Execution

OpenDreambox 2.0.0 is susceptible to remote code execution via the webadmin plugin. Remote attackers can execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI in enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py. id: CVE-2017-14135 info: nam...

CVE-2026-55748

A flaw was found in OpenStack Horizon. This vulnerability allows a highly privileged remote attacker, with user interaction, to craft a project name containing shell metacharacters. When scripts for OpenStack RC file downloading are produced, these metacharacters may be processed, potentially...

OpenStack Horizon RC file generation does not escape special characters in project names

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

CVE-2026-55748

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

EUVD-2026-37723

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

CVE-2026-55748

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

CVE-2026-55748

OpenStack Horizon prior to 25.7.4 can generate scripts for downloading OpenStack RC files where a crafted project name containing shell metacharacters is possible. The description notes this as a security hardening opportunity rather than a vulnerability, and the CVSS 3.1 metrics indicate a MEDIU...

Linux Distros Unpatched Vulnerability : CVE-2025-56814

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A code injection vulnerability in the wxExecute function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters...

DrayTek - Remote Code Execution

DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta devices allow remote code execution as root without authentication via shell metacharacters to the cgi-bin/mainfunction.cgi URI. id: CVE-2020-8515 info: name: DrayTek - Remote Code Execution...

Command Injection

aws-cdk-lib is vulnerable to Command Injection. The vulnerability is due to improper sanitization of user-controlled bundling properties in the NodejsFunction local bundling pipeline, which allows an attacker to inject shell metacharacters and execute arbitrary commands on the host running the CD...

EUVD-2025-210154

A code injection vulnerability in the wxExecute function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters...

CVE-2025-56814

A code injection vulnerability in the wxExecute function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters...

CVE-2025-56814

A code injection vulnerability in the wxExecute function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters...

CVE-2025-56814

A code injection vulnerability in the wxExecute function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters...

CVE-2025-56814

CVE-2025-56814 affects OpenCPN v5.12.0, where the wxExecute() function is vulnerable to code injection via embedded shell metacharacters. The underlying issue is a vector that allows arbitrary code execution, with a local attack vector and high impact on confidentiality, integrity, and availabili...

EUVD-2026-36619

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated operators can exploit shell metacharacters in approved commands to read unintended node-loca...

File Browser has a Command Execution Allowlist Bypass via Shell Metacharacter Injection

!NOTE This feature has been disabled by default for all installations from v2.33.8 onwards, including for existent installations. To exploit this vulnerability, the instance administrator must turn on a feature and ignore all the warnings about known vulnerabilities. We're publishing this new...