CVE-2025-10242

CVE-2025-10242 affects Ivanti Endpoint Manager Mobile (EPMM) via an OS command injection vulnerability in the admin panel. The issue allows a remote authenticated attacker with admin privileges to achieve remote code execution. Affected versions are Ivanti EPMM before 12.6.0.2, 12.5.0.x before 12...

PT-2025-41927

Name of the Vulnerable Software and Affected Versions Ivanti EPMM versions prior to 12.6.0.2 Ivanti EPMM versions prior to 12.5.0.4 Ivanti EPMM versions prior to 12.4.0.4 Description A flaw exists in the admin panel of Ivanti EPMM that allows a remote authenticated attacker with admin privileges ...

PT-2025-41757

Name of the Vulnerable Software and Affected Versions Ericsson RAN Compute and Site Controller affected versions not specified Description The software contains a high severity issue where improper neutralization of special elements used in an OS command could be exploited, potentially leading to...

CVE-2025-11490 wonderwhy-er DesktopCommanderMCP Absolute Path command-manager.ts extractBaseCommand os command injection

A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...

CVE-2025-43906

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralizatio...

EUVD-2020-29851

Malware in sbrugna...

EUVD-2017-1487

Malware in sbrugna...

Unity Linux 20.1070e Security Update: xterm (UTSA-2025-680592)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680592 advisory. xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi...

CVE-2025-60957

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information...

CVE-2025-60957

The CVE-2025-60957 entry concerns EndRun Technologies Sonoma D12 Network Time Server (GPS) firmware 4.00 on hardware/version 6010-0071-000. The vulnerability is an OS Command Injection in the router’s OS, enabling an unauthenticated or remote attacker to potentially execute arbitrary code, cause ...

CVE-2025-60965

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and possibly other unspecified impacts...

CVE-2025-60962

OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts...

EUVD-2022-50315

Malicious code in bioql PyPI...

EUVD-2023-28541

Malicious code in bioql PyPI...

EUVD-2023-39761

Malicious code in bioql PyPI...

EUVD-2025-27500

Malicious code in bioql PyPI...

EUVD-2022-34513

Malicious code in bioql PyPI...

EUVD-2025-31021

Malicious code in bioql PyPI...

EUVD-2025-28866

Malicious code in bioql PyPI...

CVE-2025-59738

AndSoft e-TMS v25.03 contains an OS command-injection vulnerability. The flaw originates from the misuse of the m parameter in the /clt/LOGINFRM_BET.ASP endpoint, exploitable via a POST request to run operating-system commands on the server. Public advisories (NVD, CNVD/CNNVD, CIRCL/CVE) confirm ...