| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges. |
| Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions. |
| An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data. |
| A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters. |
| Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions. |
| Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions. |
| Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege. |
| A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads project-local .env and .codex/config.toml files without requiring user confirmation, allowing attackers to embed arbitrary commands that execute immediately. |
| NPM package next-npm-version1.0.1 is vulnerable to Command injection. |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors. |
| Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device. |
| Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device. |
| Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions. |
| Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions. |
| Subscriber Broken Access Control in ChatBot <= 7.9.7 versions. |
| Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions. |
| Subscriber Broken Access Control in myCred <= 3.0.3 versions. |
| Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions. |
