402 matches found
PT-2025-32989 · Unknown · Cherry-Studio
Name of the Vulnerable Software and Affected Versions: Cherry Studio versions 1.2.5 through 1.5.1
Description: Cherry Studio is vulnerable to OS Command Injection when connecting to a malicious MCP server in HTTP Streamable mode. Attackers can establish a malicious MCP server with compatible OAut...
CVE-2025-8828 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setIpv6 ipv6cmd os command injection
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function ipv6cmd of the file /goform/setIpv6. The manipulation of the argument...
CVE-2025-8827 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_inspect_cross_band os command injection
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function um_inspect_cross_band of the file /goform/RP_setBasicAuto. The manipulation of the argument staticGateway leads to os command injection. The attack may be initiated...
CVE-2025-54958
Powered BLUE 870 versions 0.20130927 and prior contain an OS command injection vulnerability. If this vulnerability is exploited, arbitrary OS commands may be executed on the affected product...
CVE-2025-8697
A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. This issue affects the function StdioServerParameters of the component MCPSessionManager/MCPTool/MCPToolkit. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has be...
PT-2025-32345 · Unknown · Powered Blue 870
Name of the Vulnerable Software and Affected Versions: Powered BLUE 870 versions 0.20130927 and prior
Description: Powered BLUE 870 versions 0.20130927 and prior contain an OS command injection issue. Successful exploitation of this issue may allow arbitrary OS commands to be executed on the...
PT-2025-30720 · Databasebackup +1 · Wp Database Backup – Unlimited Database & Files Backup By Backup For Wp +1
The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the host operating system...
Eveo URVE Web Manager Security Vulnerability
Eveo URVE Web Manager is a digital signage management platform from Eveo, Poland. A security vulnerability exists in Eveo URVE Web Manager version 27.02.2025. It originates in the endpoint /internal/pc/vpro.php, which allows OS command injection...
Frauscher Sensortechnik Multiple Products OS Command Injection Vulnerability
Frauscher Sensortechnik FDS102 and related products are diagnostic system devices from Frauscher. An operating system command injection vulnerability exists in various Frauscher Sensortechnik products, which stems from improper neutralization of special elements when uploading configuration files, and cou...
Scriptcase OS Command Injection Vulnerability
Scriptcase is a low-code platform for rapid application development from Scriptcase, Inc. An operating system command injection vulnerability exists in Scriptcase version 9.12.006, which stems from a command injection in the SSH connection settings that could lead to system command execution...
TB-eye Multiple Products OS Command Injection Vulnerability
TB-eye Network recorders and TB-eye AHD recorders are both products of the Japanese company TB-eye. TB-eye Network recorders are a line of network recorders. TB-eye AHD recorders are a line of video recorders. An operating system command injection vulnerability exists in several TB-eye products,...
WeGIA OS Command Injection Vulnerability
WeGIA is a web manager for welfare organizations. WeGIA suffers from an operating system command injection vulnerability that stems from the branch parameter not being properly sanitized in the /html/configuracao/debuginfo.php endpoint. An attacker could exploit this vulnerability to execute...
Siemens SCALANCE LPE9403 OS Command Injection Vulnerability (CNVD-2025-17604)
Siemens SCALANCE LPE9403 is a local processing engine for industrial field data processing from Siemens. It is used to capture, collect and pre-process industrial field data. The Siemens SCALANCE LPE9403 suffers from an operating system command injection vulnerability that originates from...
CVE-2023-3313
An OS command injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands...
CVE-2017-1000214
GitPHP by xiphux is vulnerable to OS Command Injections...
CVE-2024-50567
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiWeb 7.4.0 through 7.6.0 allows an attacker to execute unauthorized code or commands via crafted input...
CVE-2024-40584
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6.2.13, Fortinet FortiManager version 7.4.0...
CVE-2024-8957
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntpaddr configuration value which may lead to arbitrary command execution when ntpclient is started. When chained with CVE-2024-8956, a remote and...
CVE-2024-57024
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg...
CVE-2024-57022
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg...