CVE-2025-12744 Abrt: command-injection in abrt leading to local privilege escalation

A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command docker inspect %s without proper validation. An unprivileged local user can craft a payload that injects shell...

CVE-2025-12744 Abrt: command-injection in abrt leading to local privilege escalation

A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command docker inspect %s without proper validation. An unprivileged local user can craft a payload that injects shell...

PT-2025-48978

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.93 Description Claude Code is an agentic coding tool. Prior to version 1.0.93, errors in parsing shell commands related to $IFS and short CLI flags allowed bypassing the read-only validation, potentially leadi...

CVE-2025-11786

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf' without any sanitisation or validation, and then executed using 'system'. This allows a...

CVE-2025-11786 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf' without any sanitisation or validation, and then executed using 'system'. This allows a...

EUVD-2025-200116

MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution RCE via malicious URL...

PT-2025-48676

Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists in the SetUserPassword function. The newPassword parameter is incorporated into a shell command string using sprintf without proper sanitisation or...

EUVD-2025-199825

Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to a shell command injection attacks. In order to exploit this vulnerability, an attacker has to log in to the router's administrative portal, which by default is reachable only via LAN ports...

CVE-2025-8890 Authenticated RCE in SDMC NE6037 router

Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to a shell command injection attacks. In order to exploit this vulnerability, an attacker has to log in to the router's administrative portal, which by default is reachable only via LAN ports...

CVE-2025-8890 Authenticated RCE in SDMC NE6037 router

Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to a shell command injection attacks. In order to exploit this vulnerability, an attacker has to log in to the router's administrative portal, which by default is reachable only via LAN ports...

CVE-2025-66259 Authenticated Root Remote Code Execution through improper filtering of HTTP post request parameters

Authenticated Root Remote Code Execution via improrer user input filtering in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform in mainok.php user supplied data/hour/time is passed directl...

CVE-2025-66259

Authenticated RCE vulnerability in DB Electronica Mozart FM Transmitter family (versions 30–7000) due to improper input filtering in main_ok.php where user-supplied hour/time data is passed directly to a date shell command. Root cause: insufficient input validation allowing remote code execution ...

CVE-2025-63932

D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction header field. The unauthenticated remote attacker can execute the shell command...

CVE-2025-60701

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub433188 function in prog.cgi stores user-supplied email configuration parameters EmailFrom, EmailTo, SMTPServerAddress, SMTPServerPort, AccountName in NVRAM v...

CVE-2025-60682

The connected CNVD/Red Hat/EUVD/NVD entries confirm CVE-2025-60682 affecting TOTOLINK A720R router firmware V4.1.5cu.614_B20230630, in the cloudupdate_check binary (sub_402414) where cloud update parameters are processed. User-controlled magicid and url are concatenated into shell commands and ex...

CVE-2025-60701

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub433188 function in prog.cgi stores user-supplied email configuration parameters EmailFrom, EmailTo, SMTPServerAddress, SMTPServerPort, AccountName in NVRAM v...

CVE-2025-60698

The CVE-2025-60698 issue affects D-Link DIR-882 router firmware DIR882A1_FW102B02, where SetSysLogSettings/IPAddress stored in NVRAM via nvram_safe_set can be read and concatenated into a shell command executed by twsystem() in the rc binary. The root cause is un-sanitized retrieval of nvram valu...

Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements used in a Command (CVE-2015-20107)

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

SUSE CVE-2025-61141

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...

ALPINE-CVE-2025-10230

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...