CVE-2025-24383

Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is...

VulnCheck KEV: CVE-2025-1316

Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users should discontinue...

acmailer CGI and acmailer DB vulnerable to OS command injection

Overview acmailer CGI and acmailer DB provided by Extra Innovation Inc. contain an OS command injection vulnerability CWE-78. Extra Innovation Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Extra Innovation Inc. coordinated under the...

I-O Data Device UD-LT2 操作系统命令注入漏洞

I-O Data Device UD-LT2 is a wireless router from I-O Data Device Japan. An operating system command injection vulnerability exists in I-O Data Device UD-LT2 1.00.008SE and prior versions, which stems from the presence of a disjointed special element that allows an attacker to execute arbitrary...

Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a varie...

Fortinet FortiManager 操作系统命令注入漏洞

Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains ADOM to further simplify the deployment and management of multi-device...

FXC AE1021和FXC AE1021PE 操作系统命令注入漏洞

FXC AE1021 and FXC AE1021PE are both products of FXC Corporation.FXC AE1021 is a panel wireless router with integrated RJ-45, RJ-11, and power ports.FXC AE1021PE is a wireless LAN router with support for information egress. An operating system command injection vulnerability exists in the FXC...

CVE-2024-50366

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The source of the vulnerability relies on...

PT-2024-8173 · D Link · D-Link Dsl6740C

Name of the Vulnerable Software and Affected Versions: D-Link DSL6740C modem affected versions not specified Description: The D-Link DSL6740C modem has an OS Command Injection issue, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a...

GHSA-8FRP-PXQ2-3GPQ Magento OS Command ('OS Command Injection') vulnerability

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user...

Realtek rtl819x Jungle SDK OS Command Injection Vulnerability

The Realtek rtl819x Jungle SDK is a driver for a wireless LAN chip from China-based Realtek Semiconductor Realtek. An OS command injection vulnerability exists in Realtek rtl819x Jungle SDK version v3.4.11, which stems from an OS command injection vulnerability in the boa formWsc function...

Sysaid Technologies SysAid Operating System Command Injection Vulnerability

Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, an Israeli company. SysAid suffers from an operating system command injection vulnerability that stems from improper neutralization of special elements used in operating system commands, resulting i...

LoLLMs Operating System Command Injection Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. An operating system command injection vulnerability exists in LoLLMs version 9.3 that stems from improper neutralization of special elements used in operating system commands, which could allow...

CVE-2024-34073

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...

CVE-2024-34073 Command Injection in sagemaker-python-sdk

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...

CVE-2024-34073 Command Injection in sagemaker-python-sdk

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...

Tenda AC10 操作系统命令注入漏洞

Tenda AC10 is a wireless router from Tenda, China. An OS command injection vulnerability exists in Tenda AC10U version 15.03.06.48, which originates from an OS command injection in the usbName parameter of the formSetSambaConf method on the /goform/setsambacfg page...

CVE-2024-2742 OS Command Injection in Planet IGS-4215-16T2S

Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploiting IP address functionality...

PT-2024-2833

Name of the Vulnerable Software and Affected Versions QTS versions prior to 5.1.5.2645 build 20240116 QuTS hero versions prior to h5.1.5.2647 build 20240118 QuTScloud versions prior to c5.1.5.2651 Description An OS command injection vulnerability exists in QNAP operating system versions due to th...

Multiple vulnerabilities in CubeCart

Overview CubeCart provided by CubeCart Limited contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2023-38130 Directory traversal CWE-22 - CVE-2023-42428 Directory traversal CWE-22 - CVE-2023-47283 OS command injection CWE-78 - CVE-2023-47675 Gen Sato of Mitsu...