356 matches found
CVE-2025-36354 IBM Security Verify Access command execution
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input...
CVE-2025-36354 IBM Security Verify Access command execution
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input...
EUVD-2025-25810
Malicious code in bioql PyPI...
EUVD-2022-49223
Malicious code in bioql PyPI...
EUVD-2025-29647
Malicious code in bioql PyPI...
EUVD-2023-32350
Malicious code in bioql PyPI...
EUVD-2021-7598
Malicious code in bioql PyPI...
EUVD-2025-19644
Malicious code in bioql PyPI...
EUVD-2021-7600
Malicious code in bioql PyPI...
CVE-2025-11005
The CVE-2025-11005 issue affects TOTOLINK X6000R, where OS Command Injection arises from improper neutralization of special elements in user input. Affected versions: X6000R up to and including V9.4.0cu.1458_B20250708. Root cause: failure to properly filter special elements allows an attacker to ...
CVE-2025-11005 TOTOLINK X6000R Unauthenticated Command Injection Vulnerability
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1458B20250708...
CVE-2025-11005 TOTOLINK X6000R Unauthenticated Command Injection Vulnerability
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1458B20250708...
CVE-2025-57174
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 which uses static AES encryption keys hardcoded in the binary. These keys are identical across all...
CVE-2025-34184
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...
CVE-2025-34184
CVE-2025-34184 affects Ilevia EVE X1 Server (≤4.7.18.0.eden). The vulnerability is an unauthenticated OS command injection in /ajax/php/login.php, allowing remote attackers to inject commands via the passwd POST parameter and potentially achieve full system compromise or DoS. Some sources also do...
CVE-2025-10364 Unauthenticated Arbitrary Command Injection in Evertz SDVN
The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among...
Linux Distros Unpatched Vulnerability : CVE-2025-43920
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Mailman 2.1.39, as bundled in cPanel and WHM, in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands...
Linux Distros Unpatched Vulnerability : CVE-2022-36640
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the...
D-Link DIR-868L 安全漏洞
The D-Link DIR-868L is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-868L B1 FW2.05WWB02 version, which originates from an unauthenticated OS command injection in the fileaccess.cgi component, which could lead to the execution of arbitrary comman...
CVE-2010-20059
FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The execraw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation...