Fortinet FortiSIEM Unauthenticated Remote Command Injection (FG-IR-25-772)

The version of Fortinet FortiSIEM running on the remote server is 6.7.x through 6.7.10, 7.0.x through 7.0.4, 7.1.x prior to 7.1.9, 7.2.x prior to 7.2.7, 7.3.x prior to 7.3.5, or 7.4.0. It is, therefore, affected by an unauthenticated remote command injection vulnerability: - An improper...

CVE-2025-15501

A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument sessionPath causes os command injection. Remote exploitation of the attack...

CVE-2025-15499

A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8. This vulnerability affects the function uploadCN of the file VersionController.java. The manipulation of the argument filename leads to os command injection. The attack may be initiated remotely. Th...

CVE-2025-64093

Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device...

CVE-2026-22755 Legacy Vivotek Camera Firmware Command Injection in upload_map.cgi

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381, FD9387, FD9389, FD9391,FE9180,FE9181, FE9191, FE9381, FE9382, FE9391, FE9582,...

MiracleLinux 7 : emacs-24.3-23.1.0.4.el7.AXS7 (AXSA:2025-11265:08)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11265:08 advisory. Bump release to 23.0.1.1.tuxcare.els1 CVEs: CVE-2025-1244 A command injection flaw was found in the text editor Emacs. It could allow a remote,...

MiracleLinux 8 : cups-2.2.6-62.el8_10 (AXSA:2025-9531:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9531:01 advisory. cups: libppd: remote command injection via attacker controlled data in PPD file CVE-2024-47175 Tenable has extracted the preceding description block directly...

Merit LILIN IP Camera Series 操作系统命令注入漏洞

The Merit LILIN IP Camera Series is a series of IP video recorders from Merit LILIN of Taiwan, China. The Merit LILIN IP Camera Series suffers from an operating system command injection vulnerability that stems from OS command injection, which could allow an authenticated, remote attacker to inje...

CVE-2025-15502

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.8. The affected element is the function SessionController of the file /isomp-protocol/protocol/session. Such manipulation of the argument Hostname leads to os command injection. The attack can be...

EUVD-2026-1855

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.8. The affected element is the function SessionController of the file /isomp-protocol/protocol/session. Such manipulation of the argument Hostname leads to os command injection. The attack can be...

EUVD-2025-206270

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command...

EUVD-2025-206269

A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8. This vulnerability affects the function uploadCN of the file VersionController.java. The manipulation of the argument filename leads to os command injection. The attack may be initiated remotely. Th...

PT-2026-1779

Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Management System versions up to 3.0.8 Description A remote OS command injection issue exists in the SessionController function within the /isomp-protocol/protocol/session file of the software. Manipulation of...

CVE-2025-15501 Sangfor Operation and Maintenance Management System getCmd WriterHandle.getCmd os command injection

A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument sessionPath causes os command injection. Remote exploitation of the attack...

CVE-2025-15501 Sangfor Operation and Maintenance Management System getCmd WriterHandle.getCmd os command injection

A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument sessionPath causes os command injection. Remote exploitation of the attack...

CVE-2025-15500

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command...

CVE-2025-15500

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command...

CVE-2025-15499

A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8. This vulnerability affects the function uploadCN of the file VersionController.java. The manipulation of the argument filename leads to os command injection. The attack may be initiated remotely. Th...

CVE-2025-15500 Sangfor Operation and Maintenance Management System HTTP POST Request getHis os command injection

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command...

CVE-2025-15499 Sangfor Operation and Maintenance Management System VersionController.java uploadCN os command injection

A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8. This vulnerability affects the function uploadCN of the file VersionController.java. The manipulation of the argument filename leads to os command injection. The attack may be initiated remotely. Th...