Lucene search

19590 matches found

CVE
added 2025/10/23 12:0 a.m. | 14 views

CVE-2025-54964

CVE-2025-54964 affects BAE Systems SOCET GXP prior to 4.6.0.2. The issue arises when a user can interact with the GXP Job Service, enabling injection of arbitrary executables. If the Job Service is configured for local-only access, this may allow privilege escalation; if it is network-accessible,...

CVSS 8.4 | AI score 7.3 | EPSS 0.00284
Exploits: 0 | References: 2 | Affected Software: 1

VulnCheck KEV
added 2025/10/23 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2022-1703

Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack...

CVSS 9 | AI score 6 | EPSS 0.1111
In wild | Exploits: 0 | References: 2

CNNVD
added 2025/10/23 12:0 a.m. | 4 views

Veeder-Root TLS4B Automatic Tank Gauge System Command Injection Vulnerability

Veeder-Root TLS4B Automatic Tank Gauge System is a security management system for gas stations, tank farms, or industrial storage tanks from Veeder-Root, Inc. The Veeder-Root TLS4B Automatic Tank Gauge System suffers from a command injection vulnerability that stems from the SOAP interface being...

CVSS 9.9 | AI score 7.6 | EPSS 0.01308
Exploits: 0 | References: 4

Cvelist
added 2025/10/22 8:14 a.m. | 8 views

CVE-2025-41108 Improper Authentication vulnerability in Ghost Robotics' Vision 60

The communication protocol implemented in Ghost Robotics Vision 60 v0.27.2 could allow an attacker to send commands to the robot from an external attack station, impersonating the control station tablet and gaining unauthorised full control of the robot. The absence of encryption and authenticati...

CVSS 9.2 | EPSS 0.00295
Exploits: 0 | References: 1

Cvelist
added 2025/10/22 6:55 a.m. | 9 views

CVE-2025-41721 Sauter: Command Injection

A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate...

CVSS 2.7 | EPSS 0.00183
Exploits: 0 | References: 1

CNNVD
added 2025/10/22 12:0 a.m. | 3 views

Sauter modu680-AS Command Injection Vulnerability

Sauter modu680-AS is a modular automation station cum web server from Sauter, Switzerland. A command injection vulnerability exists in Sauter modu680-AS that stems from improper neutralization of special elements when adding password-protected self-signed certificates, which could allow an elevat...

CVSS 2.7 | AI score 7.5 | EPSS 0.00183
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/21 9:29 p.m. | 11 views

CVE-2018-25118

GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has...

CVSS 10 | AI score 8.4 | EPSS 0.01318
Exploits: 0 | References: 1

EUVD
added 2025/10/21 12:30 a.m. | 5 views

EUVD-2018-21605

GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19...

CVSS 9.3 | AI score 7.8 | EPSS 0.01318
Exploits: 0 | References: 6

Positive Technologies
added 2025/10/21 12:0 a.m. | 3 views

PT-2025-42823

Name of the Vulnerable Software and Affected Versions: TP-Link Omada Gateway (affected versions not specified). Description: An arbitrary OS command may be executed by a remote attacker. An unauthenticated attacker can potentially execute commands on the system. The issue allows for remote command...

CVSS 10 | AI score 7.9 | EPSS 0.00925
Exploits: 0 | References: 25

NVD
added 2025/10/20 10:15 p.m. | 6 views

CVE-2018-25118

GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has...

CVSS 10 | EPSS 0.01318
Exploits: 0 | References: 5

Cvelist
added 2025/10/20 9:14 p.m. | 8 views

CVE-2018-25118 GeoVision Command Injection RCE via /PictureCatch.cgi

GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has...

CVSS 10 | EPSS 0.01318
Exploits: 0 | References: 5

Vulnrichment
added 2025/10/20 9:14 p.m. | 1 views

CVE-2018-25118 GeoVision Command Injection RCE via /PictureCatch.cgi

GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has...

CVSS 10 | AI score 8 | EPSS 0.01318
Exploits: 0 | References: 5

CVE
added 2025/10/20 9:14 p.m. | 22 views

CVE-2018-25118

CVE-2018-25118 Affected products (from provided docs): GeoVision GV-BX1500 and GV-MFD1501 IP cameras. The vulnerability is a remote command injection via the endpoint /PictureCatch.cgi that allows an attacker to execute arbitrary commands on the device. The vendor notes these models are end-of-li...

CVSS 10 | AI score 8 | EPSS 0.01318
In wild | Exploits: 0 | References: 5

NVD
added 2025/10/20 8:15 a.m. | 3 views

CVE-2025-31342

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file...

CVSS 9.3 | EPSS 0.00469
Exploits: 0 | References: 1

Cvelist
added 2025/10/20 7:56 a.m. | 11 views

CVE-2025-31342 Galaxy Software Services Vitals ESP Forum Module - Unrestricted Upload of File with Dangerous Type

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file...

CVSS 9.3 | EPSS 0.00469
Exploits: 0 | References: 1

VulnCheck KEV
added 2025/10/20 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2018-25118

GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has...

CVSS 10 | AI score 6.2 | EPSS 0.01318
In wild | Exploits: 0 | References: 32

CNNVD
added 2025/10/20 12:0 a.m. | 3 views

GeoVision GV-BX1500 and GeoVision GV-MFD1501 Security Vulnerability

The GeoVision GV-BX1500 and GeoVision GV-MFD1501 are both a series of indoor IP cameras from GeoVision China. A security vulnerability exists in the GeoVision GV-BX1500 and GeoVision GV-MFD1501 that stems from a remote command injection in /PictureCatch.cgi, which could lead to the execution of...

CVSS 10 | AI score 7.6 | EPSS 0.01318
Exploits: 0 | References: 6

GithubExploit
added 2025/10/19 6:8 p.m. | 301 views

Exploit for CVE-2025-1094

🛠️ CVE-2025-1094 Lab Setup ⚠️ Disclaimer This lab i...

CVSS 8.1 | AI score 8.6 | EPSS 0.89472
Exploits: 10

Snyk
added 2025/10/18 3:44 p.m. | 1 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the Management and Monitoring REST API when processing GET requests. An attacker can execute arbitrary commands on the target system by tricking an authenticated user into submitting malicious request...

CVSS 8.8 | AI score 7.5 | EPSS 0.00325
Exploits: 0 | References: 2

Cvelist
added 2025/10/17 3:50 a.m. | 11 views

CVE-2025-11900 HGiga|iSherlock - OS Command Injection

The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server...

CVSS 9.8 | EPSS 0.01824
Exploits: 0 | References: 2