TOTOLINK A3002R devicemac parameter command injection vulnerability

The TOTOLINK A3002R is a wireless router manufactured by China's Gion Electronics TOTOLINK, whose main function is to provide wireless network connectivity for home or small office environments. The TOTOLINK A3002R suffers from an OS command injection vulnerability, which stems from a command...

CVE-2025-41451 Post-Authentication OS Command Injection RCE in Danfoss AK-SM8xxA Series

Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command 'Command Injection' in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system...

PT-2025-33884 · Unknown · Neurobin Shc

Name of the Vulnerable Software and Affected Versions: neurobin shc versions prior to 4.0.4 Description: A vulnerability exists in neurobin shc up to version 4.0.3. This issue affects the make function within the src/shc.c file of the Filename Handler component. Manipulation of this function can...

CVE-2025-55589

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice...

CVE-2025-54074

Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can setup a malicious MCP server with compatible OAuth...

OliveTin 安全漏洞

OliveTin is an OliveTin open source web application. A security vulnerability exists in OliveTin version 2025.4.22, which stems from an OS command injection in the ParseRequestURI function in service/internal/executor/arguments.go...

Fortinet FortiSIEM OS Command Injection (FG-IR-25-152)

The version of Fortinet FortiSIEM running on the remote server is 5.4.x, 6.1.x, 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x, 7.4.x. It is, therefore, affected by an OS command injection vulnerability that can allow a remote unauthenticated attacker to execute unauthorized...

CVE-2025-27759

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code o...

CVE-2025-47857

CVE-2025-47857 describes an OS command injection in Fortinet FortiWeb CLI. Affected are FortiWeb CLI versions 7.6.0–7.6.3 and pre-7.4.8. The root cause is improper neutralization of special elements in CLI commands, enabling a privileged attacker to execute arbitrary code or commands via crafted ...

CVE-2025-27759

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code o...

CVE-2025-25256

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute...

CVE-2025-25256

Fortinet FortiSIEM contains an OS command injection (CWE-78) vulnerability that allows an unauthenticated attacker to execute arbitrary commands via crafted CLI requests. Affected versions span FortiSIEM 6.1–6.7, 7.0–7.3 (specifically 7.0.0–7.0.3, 7.1.0–7.1.7, 7.2.0–7.2.5, 7.3.0–7.3.1) with fixed...

CVE-2025-30098

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an ...

Kenwood DMX958XR 操作系统命令注入漏洞

The Kenwood DMX958XR is an in-car infotainment system from Kenwood. An operating system command injection vulnerability exists in the Kenwood DMX958XR JKWifiService function, which can be exploited by an attacker to execute code in a root context...

Itemir M300 Wi-Fi Repeater 安全漏洞

Itemir M300 Wi-Fi Repeater is a wireless repeater from Itemir China. A security vulnerability exists in Itemir M300 Wi-Fi Repeater that originates from OS command injection and could lead to full system control...

xxl-job 命令注入漏洞

XXL-JOB is a distributed task scheduling platform by the individual developer Xu Xueli xuxueli. A command injection vulnerability exists in xxl-job 3.1.1 and earlier versions, which stems from a misuse of the commandJobHandler function leading to os command injection attacks...

CVE-2025-7553

CVE-2025-7553 affects D-Link DIR-818LW firmware up to 20191215. The vulnerability is in the System Time Page, where manipulation of the NTP Server parameter allows os command injection. Exploitation is possible remotely, and the exploit has been disclosed publicly. The issue is associated with de...

Materialise OrthoView 操作系统命令注入漏洞

Materialise OrthoView is an orthopedic planning solution from Materialise UK. An operating system command injection vulnerability exists in Materialise OrthoView 7.5.1 and earlier versions, which stems from vulnerability to OS command injection attacks when servlet sharing is enabled...

ZendTo 安全漏洞

ZendTo is a web-based file transfer system from ZendTo Inc. A security vulnerability exists in ZendTo 6.10-6 Beta and earlier versions, which stems from an os command injection due to the misbehavior of the parameter file1 in the file NSSDropoff.php...

CVE-2022-48472

A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. Affected product versions include:BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta,BiSheng-WNM FW 3.0.0.325,BiSheng-WNM FW 2.0.0.211...