| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data. |
| A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters. |
| Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions. |
| Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions. |
| Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege. |
| A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads project-local .env and .codex/config.toml files without requiring user confirmation, allowing attackers to embed arbitrary commands that execute immediately. |
| NPM package next-npm-version1.0.1 is vulnerable to Command injection. |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via unspecified vectors. |
| Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device. |
| Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device. |
| Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions. |
| Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions. |
| Subscriber Broken Access Control in ChatBot <= 7.9.7 versions. |
| Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions. |
| Subscriber Broken Access Control in myCred <= 3.0.3 versions. |
| Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions. |
| Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions. |
| Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions. |
