1086 matches found
PT-2025-34976
Name of the Vulnerable Software and Affected Versions: SS1 versions 16.0.0.10 and earlier; SS1 Media versions 16.0.0a and earlier. Description: SS1 versions 16.0.0.10 and earlier (Media version: 16.0.0a and earlier) allow a remote, unauthenticated attacker to upload arbitrary files and execute OS...
CVE-2022-43110
Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes to the system including: changing the web interface admin password,...
CVE-2025-3128
A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause a denial-of-service condition on the product...
PT-2025-34489 · Voltronic Power +1 · Viewpower +1
Name of the Vulnerable Software and Affected Versions: Voltronic Power ViewPower versions 1.04-21353 and earlier; PowerShield Netguard versions prior to 1.04-23292. Description: A remote attacker can configure the system via a web interface without authentication. This includes changing the web...
CVE-2025-8943
The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the...
CVE-2025-20220
A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper inp...
Flowise OS command remote code execution
The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the...
KuWFi GC111 security vulnerability
KuWFi GC111 is a WiFi router from KuWFi (China). A security vulnerability exists in the KuWFi GC111 that stems from improper handling of unauthenticated requests and could lead to the execution of arbitrary OS commands...
Linksys multiple products command injection vulnerability
The Linksys RE6250, among others, is a wireless extender from Linksys (USA). A command injection vulnerability exists in various Linksys products, which stems from improper handling of multiple parameters in the ipv6cmd function and could lead to OS command injection. The following products...
CVE-2025-8748
MiR software versions prior to 3.0.0 are affected by a command injection vulnerability that allows an authenticated user to execute arbitrary OS commands via a crafted HTTP request. Affected product: MiR robots software. Root cause: inadequate input handling in HTTP request processing leading to ...
CVE-2025-55077
Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment...
CVE-2025-55077
Tyler Technologies ERP Pro 9 SaaS is affected by CVE-2025-55077, where an authenticated user can escape the application and run limited operating system commands in the remote Windows environment with their own privileges. The available sources describe the vulnerability without explicit technica...
The vulnerability in the firmware of the Aitemi M300 (MT02) wireless signal amplifiers arises from the lack of measures taken to neutralize special elements used in an operating system command. This allows attackers to escalate their privileges and execute arbitrary code.
The vulnerability in the firmware of the Aitemi M300 (MT02) wireless signal amplifiers is related to the lack of measures taken to neutralize special elements when the operating system processes the SSID identifier. Exploiting this vulnerability can allow a remote attacker...
PT-2025-32306 · Microsoft +1 · Windows +1
Name of the Vulnerable Software and Affected Versions: Tyler Technologies ERP Pro 9 SaaS (affected versions not specified). Description: The software allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment...
Tyler Technologies ERP Pro 9 SaaS security vulnerability
Tyler Technologies ERP Pro 9 SaaS is an enterprise resource planning software from Tyler Technologies, Inc. A security vulnerability exists in Tyler Technologies ERP Pro 9 SaaS that originates from limited operating system commands that can be executed by an authenticated user...
The vulnerability in the AI-based code editor Cursor lies in its lack of measures to neutralize special elements used in an operating system command. This allows an attacker to execute arbitrary code.
The vulnerability in the AI-based code editor Cursor relates to the failure to neutralize special elements used in an operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2025-36607
Dell Unity, versions 5.5 and prior, contains an OS Command Injection Vulnerability in its svcnas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and executing arbitrary operating system commands with root privileges...