906 matches found
PT-2025-48267
Name of the Vulnerable Software and Affected Versions: SDMC NE6037 routers versions prior to 7.1.12.2.44. Description: The firmware in SDMC NE6037 routers contains a network diagnostics tool susceptible to shell command injection attacks. Exploitation requires an attacker to log in to the router's...
PT-2025-48105
Name of the Vulnerable Software and Affected Versions: DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000. Description: An unauthenticated OS Command Injection issue exists in the start upgrade.php component of the softwar...
PT-2025-47964
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...
CVE-2025-34286
Nagios XI versions prior to 2026R1 contain a remote code execution vulnerability in the Core Config Manager (CCM) Run Check command. Insufficient validation/escaping of parameters used to build backend command lines allows an authenticated administrator to inject shell metacharacters that are...
CVE-2013-10073
Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitization or argument quoting, allowing an authenticated user with access to discovery functionality to execute arbitrary...
EUVD-2013-7287
Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitization or argument quoting, allowing an authenticated user with access to discovery functionality to execute arbitrary...
CVE-2025-34286 Nagios XI < 2026R1 RCE via Run Check Command in CCM
Nagios XI versions prior to 2026R1 contain a remote code execution vulnerability in the Core Config Manager (CCM) Run Check command. Insufficient validation/escaping of parameters used to build backend command lines allows an authenticated administrator to inject shell metacharacters that are...
EUVD-2025-36508
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report the application issues an HTTP...
CVE-2025-34311
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report the application issues an HTTP...
CVE-2025-34311
IPFire
CVE-2025-34311 IPFire < v2.29 Command Injection via Proxy Report Creation
IPFire versions prior to 2.29 Core Update 198 contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report the application issues an HTTP...
CVE-2025-10680
OpenVPN 2.7alpha1 through 2.7beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use...
PT-2025-43608
Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.7 alpha1 through 2.7 beta1. Description: The OpenVPN software, specifically the --dns-updown component, is susceptible to a flaw that allows a remote authenticated server to inject shell commands via DNS variables when the...
SUSE CVE-2025-10230
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...
A Retrospective Survey of 2024/2025 Open Source Supply Chain Compromises
Lack of memory safety is such a predominant cause of security issues that we have a responsibility as professional software engineering to robustly mitigate it in security-sensitive use cases—by using memory safe languages. Similarly, I have the growing impression that software supply chain...
JLSEC-2025-2 Command injection in `withpasswd()` function in Registrator.jl
Impact: If the clone URL returned by GitHub is malicious or can be injected using upstream vulnerabilities, a shell script injection can occur within the withpasswd function. This can then lead to a potential RCE. Patches: Users should upgrade immediately to v1.9.5. All prior versions are vulnerabl...
EUVD-2017-1480
Malware in sbrugna...