3988 matches found
Viessmann Vitogate 300 - Remote Code Execution
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. id: CVE-2023-45852 info: name: Viessmann Vitogate 300 - Remote Code Execution autho...
Websvn <2.6.1 - Remote Code Execution
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. id: CVE-2021-32305 info: name: Websvn 2.6.1 - Remote Code Execution author: gy741 severity: critical description: WebSVN before 2.6.1 allows remote attackers to execute...
OpenDreambox 2.0.0 - Remote Code Execution
OpenDreambox 2.0.0 is susceptible to remote code execution via the webadmin plugin. Remote attackers can execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI in enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py. id: CVE-2017-14135 info: nam...
Enigma NMS < 65.0.0 - Authenticated OS Command Injection
An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an authenticated attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action. id:...
CVE-2026-34116
Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribe.php line 15 without sanitization: exec"php jobs/transcribe.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...
CVE-2026-34111
Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmactext.php line 18 without sanitization: exec"php jobs/speechaudiomactext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...
CVE-2026-34113
Guardian language-system passes the id GET parameter directly into a PHP exec call in speechtext.php line 18 without sanitization: exec"php jobs/speechaudiotext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...
CVE-2026-34115
Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribeamazon.php line 15 without sanitization: exec"php jobs/transcribeamazon.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...
CVE-2026-34108
Guardian language-system passes the id GET parameter directly into a PHP exec call in text.php line 15 without sanitization: exec"php jobs/text.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute...
EUVD-2026-41075
Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribe.php line 15 without sanitization: exec"php jobs/transcribe.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...
CVE-2026-34116
The CVE-2026-34116 entry concerns the Guardian language-system. The flaw occurs in transcribe.php where the GET parameter id is concatenated into a PHP exec() call without sanitization, enabling an unauthenticated remote attacker to inject shell commands. Affected component: Guardian language-sys...
CVE-2026-34109
Guardian language-system passes the id GET parameter directly into a PHP exec call in speech.php line 18 without sanitization: exec"php jobs/speechaudio.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...
CVE-2026-34108 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in text.php
Guardian language-system passes the id GET parameter directly into a PHP exec call in text.php line 15 without sanitization: exec"php jobs/text.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute...
EUVD-2026-41066
Guardian language-system passes the id GET parameter directly into a PHP exec call in text.php line 15 without sanitization: exec"php jobs/text.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute...
PYSEC-2026-473 PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection
Summary The fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through to subprocess execution. Affected Package - Ecosystem: PyP...
PYSEC-2026-424 Mlflow: Command Injection when serving models with enable_mlserver=True
A command injection vulnerability exists in Mlflow when serving a model with enablemlserver=True. The modeluri is embedded directly into a shell command executed via bash -c without proper sanitization. If the modeluri contains shell metacharacters, such as $ or backticks, it allows for command...
EulerOS 2.0 SP15 : openssh (EulerOS-SA-2026-2455)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.CVE-2026-35388 OpenSSH before 10.3 mishandles...
CVE-2026-45408
Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex ^a-z0-9^/:A-Z$ permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc EOF...
EUVD-2026-39801
Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex ^a-z0-9^/:A-Z$ permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc EOF...
CVE-2026-45408
Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex ^a-z0-9^/:A-Z$ permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc...