PT-2025-50662

Name of the Vulnerable Software and Affected Versions Ruijie X30 PRO V1 X30-PRO-V1 09241521 Description An issue exists in Ruijie X30 PRO V1 X30-PRO-V1 09241521 that allows attackers to execute arbitrary commands. This is possible through a crafted POST request to the module get function within t...

CVE-2025-56088

CVE-2025-56088 affects Ruijie RG-BCR RG-BCR860. The vulnerability is an OS command injection caused by unvalidated input in the action_service endpoint at /usr/lib/lua/luci/controller/admin/service.lua, exploitable via a crafted POST request. Impact as described: arbitrary command execution with ...

CVE-2025-53949

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated...

Fortinet FortiSandbox 操作系统命令注入漏洞

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from US-based Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. An operating system command injection vulnerability exists in Fortine...

EUVD-2025-199679

Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...

EUVD-2025-199672

Unauthenticated OS Command Injection restoresettings.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform URL-decoded name parameter passed to exec allows remote code execution. The...

PT-2025-48141

Name of the Vulnerable Software and Affected Versions Cursor affected versions not specified Description An improper neutralization of special elements used in an OS command 'command injection' exists in Cursor. This allows an unauthorized attacker to execute commands that are outside of those...

EUVD-2025-197852

CWE-78 Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'...

PT-2025-47179

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The software contains a flaw related to improper neutralization of special elements used in an OS command, potentially leading to OS command injection. This iss...

Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks

Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system OS commands under certain conditions. "The vulnerability allows remote unauthenticated attackers to easily...

CVE-2025-46423

Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges...

CVE-2025-43942

Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privilege...

CVE-2025-43941

Dell Unity, versions 5.5 and Prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary command with root privileges. This...

CVE-2025-6541

An arbitrary OS command may be executed on the product by the user who can log in to the web management interface...

CVE-2025-6542

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...

CVE-2025-7850 Authenticated OS command execution

A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways...

EUVD-2025-35117

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...

CVE-2025-6541 OS command injection using information obtained from the web management interface

An arbitrary OS command may be executed on the product by the user who can log in to the web management interface...

CVE-2025-61941

A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary file may be altered by an administrative user who logs in to the affected product. Moreover, arbitrary OS command may be executed via some file alteration...

CVE-2025-10243

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...