1086 matches found
The vulnerability of the software for managing VMware vCenter Server’s virtual infrastructure lies in the lack of measures taken to neutralize special elements used in the operating system commands, allowing attackers to execute arbitrary commands.
The vulnerability of the software for managing VMware vCenter Server lies in the lack of measures taken to neutralize the special elements used in the operating system’s command set. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...
Absolute Persistence Security Vulnerability
Absolute Persistence is a factory-embedded technology from Absolute that enables endpoint security resiliency. A security vulnerability exists in versions prior to Absolute Persistence 2.8 that stems from an inactive state that could allow an attacker with physical access to the device to execute...
The vulnerability of function 0x41710c() in the D-Link DIR-832x router firmware allows a hacker to execute arbitrary commands.
The vulnerability of function 0x41710c in the D-Link DIR-832x router firmware is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of function 0x41737c() in the D-Link DIR-832x router firmware allows an attacker to execute arbitrary commands.
The vulnerability of function 0x41737c in the D-Link DIR-832x router firmware is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2025-43920
GNU Mailman 2.1.39, as bundled in cPanel and WHM, in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardles...
CVE-2025-3579 Code Injection Vulnerability in AiDex
In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open registry, could execute unauthorised commands within the system. This includes executing operating system Unix commands, interacting with internal services such as PHP or MySQL, and even invoking native...
Palo Alto Networks Cortex XDR Broker VM OS Command Injection Vulnerability
Palo Alto Networks Cortex XDR Broker VM is a secure virtual machine from Palo Alto Networks, Inc. that integrates with Cortex XDR to bridge the network and Cortex XDR. A security vulnerability exists in the Palo Alto Networks Cortex XDR Broker VM, which stems from command injection and could lead...
The vulnerability of the setWebWlanIdx function in the /lib/cste_modules/wireless.so file of the TOTOLINK A3100R router’s firmware allows an attacker to execute arbitrary commands.
The vulnerability of the setWebWlanIdx function in the /lib/cste_modules/wireless.so module of the TOTOLINK A3100R router’s firmware is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a...
The vulnerability of the formMapDelDevice function in the firmware for TOTOLINK A3002R allows an intruder to execute arbitrary commands.
The vulnerability of the formMapDelDevice function in the firmware of TOTOLINK A3002R routers lies in the lack of measures to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2025-27079
CVE-2025-27079 affects HPE AOS-8 Instant and AOS-10 AP CLI file creation. A vulnerability in the file creation process could allow an authenticated remote attacker to perform remote code execution (RCE), enabling execution of arbitrary OS commands on the underlying host and potential system compr...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-06613)
Dell Unity is a set of virtual Unity storage environments from Dell USA. An OS command injection vulnerability exists in Dell Unity 5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary operating system commands on the system...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-06615)
Dell Unity is a set of virtual Unity storage environments from Dell USA. An OS command injection vulnerability exists in Dell Unity 5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary operating system commands on the system...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-06621)
Dell Unity is a set of virtual Unity storage environments from Dell USA. An OS command injection vulnerability exists in Dell Unity 5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary operating system commands on the system...
CVE-2025-26056
A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot module "MTR" functionality. The vulnerability is due to improper validation of user-supplied input in the mtrIp parameter. An attacker can exploit this flaw to execute arbitrary operating system commands ...
Infinxt iEdge 100 Security Vulnerability
Infinxt iEdge 100 is a next-generation secure SD-WAN appliance for small and medium-sized branch offices from Infinxt. A security vulnerability exists in the Infinxt iEdge 100 version 2.1.32, which stems from improper validation of user input for the mtrIp parameter in the MTR function of the...
PT-2025-14379 · Infinxt · Infinxt Iedge 100
Name of the Vulnerable Software and Affected Versions: Infinxt iEdge 100 version 2.1.32 Description: A command injection issue exists in the Troubleshoot module's "MTR" functionality due to improper validation of user-supplied input in the mtrIp parameter. This allows an attacker to execute...
The vulnerability of the graphical user interface of the FortiIsolator browser platform allows a hacker to execute arbitrary code.
The vulnerability of the graphical user interface of the FortiIsolator browser platform exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2024-49563
Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system...
Dell Unity OS Command Injection Vulnerability
Dell Unity is a set of virtual Unity storage environments from Dell USA. An OS command injection vulnerability exists in Dell Unity 5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary operating system commands on the system...