CVE-2025-59440

An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper handling of SIM card proactive commands leads to a...

CVE-2026-32968

Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the commb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383...

CVE-2026-25817

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access on the gateway,...

Johnson Controls Metasys’ various products have security vulnerabilities

Johnson Controls Metasys is a building automation platform developed by Johnson Controls, a company based in the United States. Several products of Johnson Controls Metasys have security vulnerabilities, which stem from improper handling of special elements in commands, potentially leading to...

Apache Continuum 安全漏洞

Apache Continuum is a continuous integration server from the Apache Foundation. Apache Continuum suffers from a command injection vulnerability that stems from improper neutralization of special elements in commands, which can be exploited by an attacker to invoke arbitrary commands on the server...

CVE-2025-62354

CVE-2025-62354 affects Cursor and is characterized as improper neutralization of OS command elements (command injection) that allows an unauthorized, remote attacker to execute arbitrary code outside of an allowlist. Public sources in the connected set (Red Hat, NVD, EUVD, CVE list mirrors) descr...

Mydata Ticket Sales Automation SQL注入漏洞

Mydata Ticket Sales Automation is a ticket sales automation system from Mydata. A SQL injection vulnerability exists in Mydata Ticket Sales Automation versions prior to 03.04.2025, which stems from improperly neutralized SQL commands and could lead to blind SQL injection...

PT-2024-8519 · Fortinet · Fortimanager +2

Name of the Vulnerable Software and Affected Versions: Fortinet FortiManager versions 7.4.0 through 7.4.2 and before 7.2.5 Fortinet FortiAnalyzer versions 7.4.0 through 7.4.2 and before 7.2.5 Fortinet FortiAnalyzer-BigData before 7.4.0 Description: The issue is related to improper neutralization ...

Cisco UCS Manager Software Local Management CLI DoS (cisco-sa-ucs-cli-dos-GQUxCnTe)

According to its self-reported version, Cisco Unified Computing System Managed is affected by a DoS vulnerability. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit this vulnerability by executing specific commands on the local-mgmt CLI on an...