VulnCheck KEV: CVE-2025-34068
An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are...
Erlang/OTP SSH Server Unauthenticated Remote Command Execution (CVE-2025-32433) (Direct Check)
Binary data erlangotpsshCVE-2025-32433.nbin...
VulnCheck KEV: CVE-2025-28036
TOTOLINK A950RG V4.1.2cu.5161B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...
VulnCheck KEV: CVE-2024-0292
A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack remotely. The explo...
CVE-2025-34095
An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute code, which is then persisted on...
Exploit for OS Command Injection in Progress Loadmaster
CVE-2024-1212 - Progress Kemp LoadMaster Unauthenticated Comma...
Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager
CVE-2022-1388 - F5 BIG-IP iControl REST Authentication Bypass...
CVE-2025-50123
A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a console and through exploitation of the hostname input...
CVE-2025-50123
Schneider Electric EcoStruxure IT Data Center Expert (DCE) versions 8.3 and earlier are affected by CVE-2025-50123 due to insufficient sanitization of the hostname input in the .bcsetup script. The hostname value can pass a format check yet include a semicolon and commands, causing those OS comma...
Schneider Electric EcoStruxure IT Data Center Expert Code Injection Vulnerability
Schneider Electric EcoStruxure IT Data Center Expert is a scalable monitoring software from Schneider Electric France that collects, organizes, and distributes critical device information to provide a comprehensive view of devices. A code injection vulnerability exists in Schneider Electric...
PT-2025-29224 · Juniper Networks · Juniper Networks
Name of the Vulnerable Software and Affected Versions: Juniper Networks affected versions not specified Description: A code injection issue exists that could lead to remote command execution with privileged access. This occurs when the server is accessed through a console and exploits the hostnam...
CVE-2025-7414
CVE-2025-7414 affects Tenda O3V2 1.0.0.12(3880). The vulnerability is in the httpd component’s file /goform/setPingInfo, specifically the fromNetToolGet function, where manipulation of the domain argument leads to operating system command injection. This can be exploited remotely and publicly dis...
CVE-2025-34099
An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidialsalesviewer.php component when password encryption is enabled (a non-default configuration). The application improperly passes the HTTP Basic Authentication password directly ...
CVE-2025-7407
A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument hostname leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to th...
Schneider Electric EcoStruxure IT Data Center Expert 8.3 Remote Command Execution
Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below have a configuration modification issue where sufficient input sanitization is not performed on the value provided for the hostname of the appliance. The hostname variable can include a command terminator and subsequent...
PT-2025-29137 · Unknown · Mako Server
Name of the Vulnerable Software and Affected Versions: Mako Server versions 2.5 and 2.6 Description: An OS command injection vulnerability exists within the tutorial interface. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute code to the...
CVE-2025-20319
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability editscripted and listinputs capability, could perform a remote command execution due to improper user input sanitization on the scripted input files. See Defin...