531 matches found
CVE-2023-41046
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type "TextArea" and content type "VelocityCode" or "VelocityWiki". For the...
CVE-2023-34987
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters...
CVE-2023-47631
vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. In affected versions a node does not check if an image is allowed to run if a parentid is set. A malicious party that breaches the server may modify it to set a...
CVE-2022-39100
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed...
CVE-2022-22544
Solution Manager Diagnostics Root Cause Analysis Tools - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty f...
CVE-2021-30358
Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent...
CVE-2021-45809
GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the --script=...
CVE-2025-4366 Request Smuggling Vulnerability in Pingora
A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: ...
CVE-2025-4366 Request Smuggling Vulnerability in Pingora
A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: ...
CVE-2025-4366 Request Smuggling Vulnerability in Pingora
A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: ...
CVE-2020-28212
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when a brute force attack is done over Modbus...
CVE-2018-20299
An issue was discovered in several Bosch Smart Home cameras 360 degree indoor camera and Eyes outdoor camera with firmware before 6.52.4. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface, because there is a buffer overflow ...
Pingora 安全漏洞
Pingora is a Cloudflare open source library for building fast, reliable and evolvable web services. A security vulnerability exists in Pingora that stems from request smuggling and could lead to unauthorized request execution and cache poisoning...
CVE-2025-32702
CVE-2025-32702 is a Visual Studio command-injection vulnerability (Improper neutralization of special elements used in a command) that allows local code execution. Affected products include Microsoft Visual Studio 2019/2022 and related Build Tools; attack vector is LOCAL with LOW complexity, req...
CVE-2025-2492
An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information...
ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices. The vulnerability, tracked as CVE-2025-2492 , has a CVSS score of 9.2 out of a maximum of 10.0. "An improper...
CVE-2025-2492
An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information...
CVE-2025-2492
An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information...
CVE-2025-2492
CVE-2025-2492 affects ASUS AiCloud on supported routers and describes an improper authentication control that can be triggered by a crafted request, potentially allowing remote execution of functions with administrative privileges. Core details from connected sources indicate a high-severity (CVS...
PT-2025-17861 · Unknown · Wgs-4215-8T2S +1
Name of the Vulnerable Software and Affected Versions: WGS-80HPT-V2 affected versions not specified WGS-4215-8T2S affected versions not specified Description: The issue is a command injection attack that could allow an unauthenticated attacker to execute OS commands on the host system...