34 matches found
EUVD-2020-1483
Malware in sbrugna...
EUVD-2021-28411
Malicious code in bioql PyPI...
EUVD-2023-43256
Malicious code in bioql PyPI...
CVE-2013-10052 ZPanel zsudo Local Privilege Escalation
ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation for administrative tasks. However, when misconfigured in /etc/sudoers, zsudo can be invoked by low-privileged users to execute arbitrary commands as root. This flaw enables local attackers with shell...
CVE-2025-50756
Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the setsysadm function via the newpass parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2023-47297
A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations...
CVE-2021-20790
Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors...
CVE-2020-28026
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification DSN. Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary...
TOTOLINK A3002R Command Injection Vulnerability
TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3002R suffers from a command injection vulnerability that stems from the FUN00459fdc function failing to properly filter constructed command special characters, commands, etc. The vulnerability can be...
CVE-2025-44882
CVE-2025-44882 affects WAVLINK WL-WN579A3 v1.0 through the /cgi-bin/firewall.cgi endpoint. The flaw is a command injection via crafted input, enabling arbitrary command execution. Root cause: unfiltered input in firewall.cgi. Impact, per CVSS: Critical (NETWORK, no user interaction required, high...
CVE-2025-44839
TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44867
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44864
Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
D-Link DIR-832x 0x41dda8 Function Code Injection Vulnerability
The D-Link DIR-832x is a wireless router from China's AUO D-Link. A code injection vulnerability exists in the D-Link DIR-832x, which stems from the function 0x41dda8 failing to properly filter constructed command special characters, commands, etc. An attacker can exploit this vulnerability to...
CVE-2024-54806
Netgear WNR854T (firmware 1.5.2, North America) is affected by CVE-2024-54806, an arbitrary command execution vulnerability in cmd.cgi. The root cause, as described in CNVD/RH/NVD entries, is that cmd.cgi does not adequately filter constructed commands and characters, enabling an attacker to execute syst...
Dell ThinOS Command Injection Vulnerability
Dell ThinOS is a client operating system from the American company Dell. Dell ThinOS suffers from a command injection vulnerability that arises from an application's failure to properly filter constructed command special characters, commands, etc. The vulnerability can be exploited to execute...
CVE-2025-24864
Incorrect access permission of a specific folder issue exists in RemoteView Agent for Windows versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege...
Linux Distros Unpatched Vulnerability : CVE-2017-14867
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands su...