EUVD-2024-35275

Malicious code in bioql PyPI...

EUVD-2023-39761

Malicious code in bioql PyPI...

EUVD-2022-51168

Malicious code in bioql PyPI...

CVE-2025-59740 Multiple vulnerabilities in AndSoft's e-TMS

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMCAT.ASP'...

CVE-2025-59738 Multiple vulnerabilities in AndSoft's e-TMS

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMBET.ASP'...

CVE-2025-59738

AndSoft e-TMS v25.03 contains an OS command-injection vulnerability. The flaw originates from the misuse of the m parameter in the /clt/LOGINFRM_BET.ASP endpoint, exploitable via a POST request to run operating-system commands on the server. Public advisories (NVD, CNVD/CNNVD, CIRCL/CVE) confirm ...

PT-2025-40357

Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description An operating system command injection issue exists in AndSoft e-TMS version 25.03. This allows an attacker to execute operating system commands on the server. The issue is exploitable by sending a POST...

CVE-2025-52906

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1360B20241207...

SUSE CVE-2025-59359

The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

CVE-2025-10589

The CVE-2025-10589 entry concerns OS Command Injection in N-Partner’s N-Reporter, N-Cloud, and N-Probe. Affected components are the N-Reporter/N-Cloud/N-Probe products (authentic remote access) and the underlying issue allows injection and execution of arbitrary OS commands on the server. Severit...

Chaos Controller Manager is vulnerable to OS command injection

The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

Chaos Mesh 操作系统命令注入漏洞

Chaos Mesh is an open source cloud-native engineering platform from Chaos Mesh Open Source. Chaos Mesh suffers from an OS command injection vulnerability that stems from the killProcesses mutation being susceptible to an os command injection attack that could lead to remote code execution...

CVE-2025-10265 Digiever｜NVR - OS Command Injection

Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device...

CVE-2025-9996

CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session...

CVE-2025-43885

Dell PowerProtect Data Manager, versions 19.19 and 19.20, Hyper-V contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command...

TkEasyGUI Vulnerable to OS Command Injection

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construc...

D-Link DI-500WF os Command Injection Vulnerability

The D-Link DI-500WF is a panel type wireless access point AP, mainly used to build wireless network coverage environment, supports 802.11n protocol with a theoretical maximum transmission rate of 150Mbps. The D-Link DI-500WF suffers from an os command injection vulnerability that stems from the...

TRENDnet TV-IP410 安全漏洞

TRENDnet TV-IP410 is an Internet TV from TRENDnet. The TRENDnet TV-IP410 suffers from a command injection vulnerability that stems from misuse of the parameter DeviceURL in the file uapply.cgi of the component httpd, which can be exploited by an attacker to cause arbitrary command execution...

CVE-2025-9575

Summary: CVE-2025-9575 affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 devices. The issue resides in the /cgi-bin/upload.cgi file, specifically the cgiMain function, where manipulation of the filename argument enables operating system command injection. The vulnerability can be exploite...

CVE-2025-30057 Authenticated RCE with uhcapache privileges in ConvertToPDF

In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system call in the ConvertToPDF function...