
402 matches found

Positive Technologies
added 2025/09/29 12:0 a.m. · 5 views

PT-2025-39806

Name of the Vulnerable Software and Affected Versions: mirweiye wenkucms versions up to 3.4 Description: A flaw exists that allows for remote operating system command injection. This occurs due to manipulation of the createPathOne function within the app/common/common.php file. The exploit has been...

CVSS 6.5 · AI score 6.1 · EPSS 0.04258
Exploits 1 · References 10

Vulnrichment
added 2025/09/25 3:22 p.m. · 3 views

CVE-2025-43943

Dell Cloud Disaster Recovery, versions prior to 19.20, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with...

CVSS 6.7 · AI score 6.7 · EPSS 0.00483
Exploits 0 · References 1

CNNVD
added 2025/09/18 12:0 a.m. · 2 views

IBM Watsonx.data Operating System Command Injection Vulnerability

IBM Watsonx.data is an open data lake warehouse platform from International Business Machines (IBM). An operating system command injection vulnerability exists in IBM Watsonx.data version 2.2 that stems from not properly validating user input and can be exploited by an attacker to cause a privilege...

CVSS 7.2 · AI score 7.8 · EPSS 0.00315
Exploits 0 · References 1

Vulnrichment
added 2025/09/15 10:2 a.m. · 2 views

CVE-2025-10440 D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection

A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os comma...

CVSS 6.5 · AI score 6.4 · EPSS 0.1211
Exploits 0 · References 6

VulnCheck KEV
added 2025/09/15 12:0 a.m. · 7 views

VulnCheck KEV: CVE-2023-50381

Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This comman...

CVSS 7.2 · AI score 5.9 · EPSS 0.03195
In wild · Exploits 1 · References 2

OSV
added 2025/09/12 9:15 p.m. · 3 views

CVE-2025-10327

A weakness has been identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/api/playlist/shuffle.php. Executing manipulation of the argument playlist can lead to os command injection. The attack can be launched remotely...

CVSS 9.8 · AI score 6.9
Exploits 0 · References 5

CNNVD
added 2025/09/12 12:0 a.m. · 1 view

Digiever NVR Operating System Command Injection Vulnerability

The Digiever NVR is a camera centralized management, video storage and surveillance device from Digiever Corporation of Taiwan, China. The Digiever NVR suffers from an operating system command injection vulnerability that originates from an unauthenticated remote attacker who can inject arbitrary...

CVSS 8.8 · AI score 7.9 · EPSS 0.01144
Exploits 0 · References 2

CNVD
added 2025/09/12 12:0 a.m. · 5 views

Dell PowerProtect Data Manager Operating System Command Injection Vulnerability

Dell PowerProtect Data Manager (PPDM) is a data protection solution from Dell USA. The product supports features such as data backup, virtual machine backup and database protection. A security vulnerability exists in Dell PowerProtect Data Manager versions 19.19 and 19.20, which can be exploited by...

CVSS 8.2 · AI score 7 · EPSS 0.00474
Exploits 0 · References 1

Cvelist
added 2025/09/10 3:47 p.m. · 5 views

CVE-2025-43884

Dell PowerProtect Data Manager, versions 19.19 and 19.20, Hyper-V contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command...

CVSS 8.2 · EPSS 0.00474
Exploits 0 · References 1

Positive Technologies
added 2025/09/10 12:0 a.m. · 5 views

PT-2025-37052

Name of the Vulnerable Software and Affected Versions: 1panel version 2.0.8 Description: An OS Command injection issue exists in the OperateSSH function within 1panel. Attackers can execute arbitrary commands by manipulating the operation parameter of the /api/v2/hosts/ssh/operate API endpoint...

CVSS 8.8 · AI score 7.4 · EPSS 0.0123
Exploits 0 · References 7

Vulnrichment
added 2025/08/27 1:2 p.m. · 3 views

CVE-2025-9528 Linksys E1700 systemCommand os command injection

A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been publicly...

CVSS 5.8 · AI score 7.5 · EPSS 0.50053
Exploits 1 · References 6

Positive Technologies
added 2025/08/25 12:0 a.m. · 3 views

PT-2025-34717 · Ruijie · Ruijie Ws7204-A

Name of the Vulnerable Software and Affected Versions: Ruijie WS7204-A version 2017.06.15 Description: A vulnerability exists in Ruijie WS7204-A 2017.06.15 related to os command injection. The issue is located in the file /itbox pi/branch import.php?a=branch list, where manipulation of the provin...

CVSS 5.8 · AI score 5.4 · EPSS 0.1826
Exploits 1 · References 10

RedhatCVE
added 2025/08/20 8:8 p.m. · 3 views

CVE-2025-9174

An os command injection flaw has been discovered in neurobin shc. The make function in the src/shc.c file does not properly handle user input, which may lead to command injection. This vulnerability requires local access in order to exploit. Mitigation: Mitigation for this issue is either not...

CVSS 7.8 · AI score 7.8 · EPSS 0.0134
Exploits 0 · References 2

Positive Technologies
added 2025/08/20 12:0 a.m. · 8 views

PT-2025-34167 · Mcp-Cli · Mcp-Cli

Name of the Vulnerable Software and Affected Versions: wong2 mcp-cli version 1.13.0 Description: A flaw has been identified in the redirectToAuthorization function within the oAuth Handler component, specifically in the file /src/oauth/provider.js. This manipulation results in OS command injectio...

CVSS 6.3 · AI score 5.6 · EPSS 0.05236
Exploits 1 · References 14

CVE
added 2025/08/19 10:32 p.m. · 13 views

CVE-2025-9174

The CVE describes a local OS command-injection in neurobin shc ≤ 4.0.3, caused by unsafe handling in the make function of src/shc.c (Filename Handler). Public exploit details indicate local access is required; exploitation has been disclosed. Impact includes potential compromise of confidentialit...

CVSS 7.8 · AI score 7.6 · EPSS 0.0134
Exploits 0 · References 4 · Affected Software 1

GithubExploit
added 2025/08/15 2:31 p.m. · 140 views

Exploit for OS Command Injection in Fortinet Fortisiem

watchTowr-vs-FortiSIEM-CVE-2025-25256 Detection Artifact Gene...

CVSS 9.8 · AI score 6.8 · EPSS 0.56192
Exploits 2

Tenable Nessus
added 2025/08/15 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2015-10141

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. Wh...

CVSS 9.3 · AI score 6.2 · EPSS 0.05159
Exploits 1 · References 3

NVD
added 2025/08/14 3:15 p.m. · 7 views

CVE-2025-8876

Improper Input Validation vulnerability in N-able N-central allows OS Command Injection. This issue affects N-central: before 2025.3.1...

CVSS 9.4 · EPSS 0.03171
Exploits 1 · References 2

Vulnrichment
added 2025/08/13 1:27 p.m. · 6 views

CVE-2025-54074 Cherry Studio is Vulnerable to OS Command Injection during Connection with a Malicious MCP Server

Cherry Studio is a desktop client that supports multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can set up a malicious MCP server with compatible OAuth...

CVSS 7.7 · AI score 8.1 · EPSS 0.02144
Exploits 1 · References 2

The Hacker News
added 2025/08/13 11:37 a.m. · 6 views

Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code

Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild. The vulnerability, tracked as CVE-2025-25256, carries a CVSS score of 9.8 out of a maximum of 10.0. "An improper neutralization of special elements used in an OS command...

CVSS 9.8 · AI score 7.5 · EPSS 0.56192
Exploits 2