47 matches found
CVE-2026-7551
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...
CVE-2026-7551
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...
EUVD-2019-10522
Malware in sbrugna...
EUVD-2025-27614
Malicious code in bioql PyPI...
Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit
RISK EVALUATION Successful exploitation of these vulnerabilities could enable an attacker to execute arbitrary shell commands on the affected devices. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures...
CVE-2025-9996
CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session...
CVE-2025-9997
CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause command injection in BLMon that is executed in the operating system console when in a SSH session...
CVE-2025-9997
CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause command injection in BLMon that is executed in the operating system console when in a SSH session...
CVE-2025-9996
CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session...
CVE-2025-9997
CVE-2025-9997 relates to an OS command injection in BLMon Console (Schneider Electric) triggered during SSH sessions when running netstat. The root cause is improper neutralization of special elements in OS commands (CWE-78), potentially allowing execution of arbitrary shell commands on the affec...
CVE-2025-9997
CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause command injection in BLMon that is executed in the operating system console when in a SSH session...
CVE-2025-9997
CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause command injection in BLMon that is executed in the operating system console when in a SSH session...
CVE-2025-9996
CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session...
PT-2025-36978
Name of the Vulnerable Software and Affected Versions: BLMon Console affected versions not specified Description: An OS Command Injection issue exists due to improper neutralization of special elements used in an OS command. This could allow for the execution of arbitrary shell commands when...
CVE-2025-5689
A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...
SUSE CVE-2024-52010
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...
CVE-2023-36611
The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens...
Ovarro TBox RTUs 授权问题漏洞
Ovarro TBox RTUs is a modular remote monitoring and automation solution from Ovarro Germany. An authorization issue vulnerability exists in Ovarro TBox RTUs that stems from allowing a low-privileged user to access higher-privileged software security tokens, potentially allowing an attacker to...
Fetch Payloads: A Shorter Path from Command Injection to Metasploit Session
Over the last year, two-thirds of the exploit modules added to Metasploit Framework have targeted command injection vulnerabilities CWE-94: Improper Control of Generation of Code. In the process of helping new and existing open-source contributors learn how to use Metasploit’s command stager...
Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks
The legitimate command-and-control C2 framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week. Sliver...