Search Results (21124 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-54994 2026-04-15 N/A
@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server exposes the tool `which-app-on-port` which relies on Node.js child process API `exec` which is an unsafe and vulnerable API if concatenated with untrusted user input. Version 0.0.13 contains a fix for the issue.
CVE-2015-10141 2026-04-15 5.6 Medium
An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker can send a crafted eval command over this interface to execute arbitrary PHP code, which may invoke system-level functions such as system() or passthru(). This results in full compromise of the host under the privileges of the web server user.
CVE-2021-47775 1 Litexmedia 1 Youtube Video Grabber 2026-04-15 8.4 High
YouTube Video Grabber, now referred to as YouTube Downloader, 1.9.9.1 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious payload of 712 bytes with SEH manipulation to trigger a bind shell connection on a specified local port.
CVE-2021-47774 1 Kingdia 1 Cd Extractor 2026-04-15 9.8 Critical
Kingdia CD Extractor 3.0.2 contains a buffer overflow vulnerability in the registration name field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload exceeding 256 bytes to overwrite Structured Exception Handler and gain remote code execution through a bind shell.
CVE-2025-24351 2026-04-15 8.8 High
A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request.
CVE-2019-25289 1 Inim 1 Smartliving Smartlan 2026-04-15 8.8 High
SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system() function call to execute arbitrary system commands with root privileges using default credentials.
CVE-2021-33633 2026-04-15 7.3 High
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated with program files ceres/function/util.Py. This issue affects aops-ceres: from 1.3.0 through 1.4.1.
CVE-2025-2172 1 Aviatrix 1 Controller 2026-04-15 N/A
Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames
CVE-2025-61553 1 Bitvisor 1 Bitvisor 2026-04-15 8.2 High
An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor crash) via a crafted PCI configuration space access. Given it's a heap overflow in a privileged hypervisor context, exploitation may enable arbitrary code execution or guest-to-host privilege escalation.
CVE-2024-41956 1 Charmbracelet 1 Soft-serve 2026-04-15 8.1 High
Soft Serve is a self-hostable Git server for the command line. Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. The issue is that Soft Serve passes all environment variables given by the client to git subprocesses. This includes environment variables that control program execution, such as LD_PRELOAD. This vulnerability is fixed in 0.7.5.
CVE-2025-10265 1 Digiever 6 Ds-1200, Ds-16x00, Ds-2100 and 3 more 2026-04-15 8.8 High
Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.
CVE-2024-42370 1 Litestar-org 1 Litestar 2026-04-15 8.3 High
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's `docs-preview.yml` workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the permission to write issues, read metadata, and write pull requests. In addition, the `DOCS_PREVIEW_DEPLOY_TOKEN` is exposed to the attacker. Commit 84d351e96aaa2a1338006d6e7221eded161f517b contains a fix for this issue.
CVE-2025-60017 1 Unitree 4 B2, G1, Go2 and 1 more 2026-04-15 8.2 High
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapd_restart.sh wifi_ssid or wifi_pass parameter (within restart_wifi_ap and restart_wifi_sta).
CVE-2025-41683 1 Weidmueller 3 Ie-sr-2tx-wl, Ie-sr-2tx-wl-4g-eu, Ie-sr-2tx-wl-4g-us-v 2026-04-15 8.8 High
An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint event_mail_test).
CVE-2024-0074 1 Nvidia 1 Gpu Display Driver 2026-04-15 7.1 High
NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering.
CVE-2025-54314 2026-04-15 2.8 Low
Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."
CVE-2025-37129 2 Arubanetworks, Hp 2 Edgeconnect Enterprise, Arubaos 2026-04-15 6.7 Medium
A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system if the feature is enabled without proper security measures.
CVE-2025-41649 2026-04-15 7.5 High
An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices.
CVE-2025-12489 1 Evernote 1 Evernote 2026-04-15 N/A
evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the openBrowser function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-27913.
CVE-2025-47203 1 Dropbear Ssh Project 1 Dropbear Ssh 2026-04-15 4.5 Medium
dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.