CVE-2025-37134

ArubaOS AOS-8 Controller/Mobility Conductor CLI binary is affected by an authenticated command injection vulnerability (CVE-2025-37134). Exploitation could allow an authenticated attacker to run arbitrary commands with privileged OS privileges. The Nessus/HPESBNW04957 and related advisories refer...

CVE-2025-37133 Authenticated Command Injection Vulnerability in AOS-8 Controller/Mobility Conductor Web-Based Management Interface via the CLI Binaryalong with accounting controls for tracking and logging user activities and resource usage.

An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system...

CVE-2025-37133

CVE-2025-37133 affects ArubaOS AOS-8 Controller/Mobility Conductor CLI binary. An authenticated attacker could inject commands with privileged execution rights. The Nessus plugin ARUBAOS-HPESBNW04957 notes multiple vulnerabilities including this CVE, and lists affected ArubaOS versions prior to c...

CVE-2025-37133 Authenticated Command Injection Vulnerability in AOS-8 Controller/Mobility Conductor Web-Based Management Interface via the CLI Binaryalong with accounting controls for tracking and logging user activities and resource usage.

An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system...

EUVD-2025-34443

An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system...

EUVD-2025-34444

An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the...

PT-2025-41984

Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...

PT-2025-41976

Name of the Vulnerable Software and Affected Versions AOS-10 GW affected versions not specified AOS-8 Controller/Mobility Conductor affected versions not specified Description An arbitrary file write issue exists in the web-based management interface. Successful exploitation could allow an...

PT-2025-41985

Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...

PT-2025-41980

Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system...

PT-2025-41977

Name of the Vulnerable Software and Affected Versions AOS-8 Controller/Mobility Conductor affected versions not specified Description An authenticated command injection flaw exists in the Command Line Interface CLI binary. Exploitation allows an attacker with valid credentials to execute arbitrar...

PT-2025-41989

Name of the Vulnerable Software and Affected Versions AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems affected versions not specified Description An issue exists that could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploit...

PT-2025-41988

Name of the Vulnerable Software and Affected Versions AOS-10 GW affected versions not specified AOS-8 Controller/Mobility Conductor affected versions not specified Description An issue exists in a low-level interface library that could allow an authenticated malicious actor to download arbitrary...

PT-2025-41978

Name of the Vulnerable Software and Affected Versions AOS-8 Controller/Mobility Conductor affected versions not specified Description An authenticated command injection flaw exists in the CLI binary of the AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow a...

EUVD-2015-0760

Malware in sbrugna...

EUVD-2012-5985

Malware in sbrugna...

EUVD-2024-27913

Malicious code in bioql PyPI...

CVE-2025-26074

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...

Remote Code Execution (RCE)

org.conductoross, conductor-core is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper access control over Java class execution, which allows attackers to invoke system-level commands...

Conductor vulnerable to OS command injection through unrestricted access to Java classes

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...