PT-2025-48141

Name of the Vulnerable Software and Affected Versions Cursor affected versions not specified Description An improper neutralization of special elements used in an OS command 'command injection' exists in Cursor. This allows an unauthorized attacker to execute commands that are outside of those...

EUVD-2025-197852

CWE-78 Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'...

PT-2025-47179

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The software contains a flaw related to improper neutralization of special elements used in an OS command, potentially leading to OS command injection. This iss...

Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks

Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system OS commands under certain conditions. "The vulnerability allows remote unauthenticated attackers to easily...

CVE-2025-46423

Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges...

CVE-2025-43942

Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privilege...

CVE-2025-43941

Dell Unity, versions 5.5 and Prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary command with root privileges. This...

CVE-2025-6541

An arbitrary OS command may be executed on the product by the user who can log in to the web management interface...

CVE-2025-6542

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...

CVE-2025-7850 Authenticated OS command execution

A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways...

EUVD-2025-35117

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...

CVE-2025-6541 OS command injection using information obtained from the web management interface

An arbitrary OS command may be executed on the product by the user who can log in to the web management interface...

CVE-2025-61941

A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary file may be altered by an administrative user who logs in to the affected product. Moreover, arbitrary OS command may be executed via some file alteration...

CVE-2025-10243

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

CVE-2025-10242

CVE-2025-10242 affects Ivanti Endpoint Manager Mobile (EPMM) via an OS command injection vulnerability in the admin panel. The issue allows a remote authenticated attacker with admin privileges to achieve remote code execution. Affected versions are Ivanti EPMM before 12.6.0.2, 12.5.0.x before 12...

PT-2025-41927

Name of the Vulnerable Software and Affected Versions Ivanti EPMM versions prior to 12.6.0.2 Ivanti EPMM versions prior to 12.5.0.4 Ivanti EPMM versions prior to 12.4.0.4 Description A flaw exists in the admin panel of Ivanti EPMM that allows a remote authenticated attacker with admin privileges ...

PT-2025-41757

Name of the Vulnerable Software and Affected Versions Ericsson RAN Compute and Site Controller affected versions not specified Description The software contains a high severity issue where improper neutralization of special elements used in an OS command could be exploited, potentially leading to...

CVE-2025-11490 wonderwhy-er DesktopCommanderMCP Absolute Path command-manager.ts extractBaseCommand os command injection

A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...

CVE-2025-43906

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralizatio...

EUVD-2017-1487

Malware in sbrugna...