CVE-2020-37032

Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the...

Archer MR600 vulnerable to OS command injection

Overview Archer MR600 provided by TP-Link Systems Inc. contains the following vulnerability. OS command injection CWE-78 - CVE-2025-14756 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An arbitrary OS command may be execute...

CVE-2026-1428

Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server...

CVE-2021-47853

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...

SUSE CVE-2021-47853

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2021-47853

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

EUVD-2026-3636

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...

CVE-2021-47853

Removed by vendor...

CVE-2025-37172

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...

CVE-2026-0403

An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections...

CVE-2026-0406 Insufficient input validation in NETGEAR Nighthawk router XR1000v2

An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections...

CVE-2026-0498

SAP S/4HANA Private Cloud and On-Premise allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability...

PT-2026-2341

Name of the Vulnerable Software and Affected Versions SAP Application Server for ABAP and SAP NetWeaver RFCSDK affected versions not specified Description An authenticated attacker with administrative access and adjacent network access could potentially execute arbitrary operating system commands...

CVE-2026-0854

The CVE concerns Merit LILIN DVR/NVR devices that expose an OS Command Injection vulnerability. The affected component is the device OS on Merit LILIN DVR/NVR models; the root cause is an OS command injection vector that allows an authenticated remote attacker to inject and run arbitrary OS comma...

CVE-2021-33672

Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the usage of ActiveX in the application, the...

CVE-2025-11157

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...

Gargoyle Router Management Utility 安全漏洞

Gargoyle Router Management Utility is a third-party router firmware from Gargoyle. A security vulnerability exists in Gargoyle Router Management Utility version 1.5.x, which stems from a restricted or insufficient validation of the commands parameter input, which could allow an authenticated...

CVE-2019-25257

LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command,...

PT-2025-53377

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A remote, unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands. The attack involves accessing an API endpoint that allows f...

LogicalDOC Enterprise 安全漏洞

LogicalDOC Enterprise is a document management system from LogicalDOC Italy. A security vulnerability exists in LogicalDOC Enterprise version 7.7.4, which originates from insufficient validation of binary paths when modifying system settings, and may result in the execution of operating system...