1210 matches found

CVE
added 2025/09/09 2:32 p.m., 16 views

CVE-2025-10107

TRENDnet TEW-831DR v1.0 (601.130.1.1410) contains a command-injection flaw in the /boafrm/formSysCmd function, triggered by manipulating the sysHost argument. This vulnerability can be exploited remotely and has public exploit disclosures. Several sources (including NVD/Red Hat CVE entries and PT...

CVSS 5.8, AI score 4.9, EPSS 0.00225
Exploits: 0, References: 4
NVD
added 2025/09/09 2:15 a.m., 6 views

CVE-2025-42944

Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high...

CVSS 10, EPSS 0.00416
Exploits: 1, References: 4
CNNVD
added 2025/09/09 12:00 a.m., 2 views

NVIDIA NVDebug OS command injection vulnerability

NVIDIA NVDebug is a debugging and diagnostic tool from NVIDIA. NVIDIA NVDebug suffers from an operating system command injection vulnerability that originates from the ability to potentially cause code to be run on the platform host as an unprivileged user, which could lead to code execution,...

CVSS 9.8, AI score 7.4, EPSS 0.0006
Exploits: 0, References: 4
Positive Technologies
added 2025/09/09 12:00 a.m., 3 views

PT-2025-36737

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-831DR version 1.0 601.130.1.1410 Description: A vulnerability exists in TRENDnet TEW-831DR version 1.0 601.130.1.1410 due to command injection. The issue is located in an unknown function of the /boafrm/formSysCmd file...

CVSS 5.8, AI score 4.8, EPSS 0.00225
Exploits: 0, References: 6
Github Security Blog
added 2025/09/05 6:30 a.m., 5 views

TkEasyGUI Vulnerable to OS Command Injection

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construc...

CVSS 9.8, AI score 7.3, EPSS 0.00379
Exploits: 0, References: 4, Affected Software: 1
Vulnrichment
added 2025/09/04 1:01 p.m., 1 view

CVE-2025-7388 Authenticated Command Injection via configuration parameter manipulation in exposed RMI interface

It was possible to perform Remote Command Execution RCE via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property...

CVSS 8.4, AI score 6.8, EPSS 0.00383
Exploits: 0, References: 1
CVE
added 2025/09/02 12:00 a.m., 13 views

CVE-2025-50755

The CVE-2025-50755 entry concerns the Wavlink WN535K3 router (firmware version 20191010). A command injection flaw exists in the set_sys_cmd function via the command parameter, enabling attackers to execute arbitrary commands through a crafted request. The issue is treated across multiple feeds (...

CVSS 6.5, AI score 7.8, EPSS 0.03876
Exploits: 1, References: 1, Affected Software: 1
CNNVD
added 2025/09/02 12:00 a.m., 1 view

WAVLINK WN535K3 security vulnerability

WAVLINK WN535K3 is a wireless router from China Ruiyin WAVLINK. A security vulnerability exists in the Wavlink WN535K3 version 20191010, which stems from the improper handling of the command parameter in the set_sys_cmd function, which could lead to the execution of arbitrary commands...

CVSS 6.5, AI score 7.1, EPSS 0.03876
Exploits: 1, References: 3
CNVD
added 2025/09/02 12:00 a.m., 0 views

D-Link DI-500WF os Command Injection Vulnerability

The D-Link DI-500WF is a panel type wireless access point AP, mainly used to build wireless network coverage environment, supports 802.11n protocol with a theoretical maximum transmission rate of 150Mbps. The D-Link DI-500WF suffers from an os command injection vulnerability that stems from the...

CVSS 7.2, AI score 7.6, EPSS 0.00696
Exploits: 1, References: 1
Positive Technologies
added 2025/09/02 12:00 a.m., 4 views

PT-2025-35570

Name of the Vulnerable Software and Affected Versions: Wavlink WN535K3 version 20191010 Description: The Wavlink WN535K3 router contains a command injection vulnerability in the set_sys_cmd function through the command parameter. This allows attackers to execute arbitrary commands via a crafted...

CVSS 6.5, AI score 7.7, EPSS 0.03876
Exploits: 1, References: 4
Vulnrichment
added 2025/09/01 5:27 a.m., 2 views

CVE-2025-54857

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in SkyBridge BASIC MB-A130 Ver.1.5.8 and earlier. If exploited, a remote unauthenticated attacker may execute arbitrary OS commands with root privileges...

CVSS 9.8, AI score 10, EPSS 0.00405
Exploits: 0, References: 2
RedhatCVE
added 2025/08/30 6:21 p.m., 3 views

CVE-2025-9528

A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been publicly...

CVSS 5.8, AI score 5, EPSS 0.01079
Exploits: 1, References: 1
RedhatCVE
added 2025/08/30 6:17 p.m., 2 views

CVE-2025-53970

SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges...

CVSS 9.8, AI score 9.8, EPSS 0.00337
Exploits: 0, References: 1
CNNVD
added 2025/08/29 12:00 a.m., 2 views

TRENDnet TV-IP410 security vulnerability

TRENDnet TV-IP410 is an Internet TV from TRENDnet. The TRENDnet TV-IP410 suffers from a command injection vulnerability that stems from misuse of the parameter DeviceURL in the file uapply.cgi of the component httpd, which can be exploited by an attacker to cause arbitrary command execution...

CVSS 9.8, AI score 5.9, EPSS 0.00528
Exploits: 0, References: 3
CVE
added 2025/08/28 6:02 p.m., 16 views

CVE-2025-9575

Summary: CVE-2025-9575 affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 devices. The issue resides in the /cgi-bin/upload.cgi file, specifically the cgiMain function, where manipulation of the filename argument enables operating system command injection. The vulnerability can be exploite...

CVSS 8.8, AI score 6.4, EPSS 0.00839
Exploits: 1, References: 6, Affected Software: 1
Vulnrichment
added 2025/08/27 9:23 p.m., 5 views

CVE-2024-13985 Dahua EIMS capture_handle.action RCE

A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capture_handle.action interface. The flaw stems from improper input validation in the captureCommand parameter, which is processed without...

CVSS 10, AI score 7.8, EPSS 0.0026
Exploits: 0, References: 8
Vulnrichment
added 2025/08/27 10:23 a.m., 3 views

CVE-2025-30057 Authenticated RCE with uhcapache privileges in ConvertToPDF

In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system call in the ConvertToPDF function...

CVSS 9.4, AI score 8.5, EPSS 0.00198
Exploits: 0, References: 1
Tenable Nessus
added 2025/08/27 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-35962

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary...

CVSS 7.8, AI score 7.3, EPSS 0.00123
Exploits: 1, References: 2
Positive Technologies
added 2025/08/27 12:00 a.m., 4 views

PT-2025-34873

Name of the Vulnerable Software and Affected Versions: OPNsense version 25.1 Description: OPNsense version 25.1 contains an authenticated command injection issue in the Bridge Interface Edit endpoint interfaces bridge edit.php. The span POST parameter is concatenated into a system-level command...

CVSS 8.8, AI score 8, EPSS 0.01488
Exploits: 1, References: 6
CNVD
added 2025/08/25 12:00 a.m., 1 view

TOTOLINK A3002R devicemac parameter command injection vulnerability

The TOTOLINK A3002R is a wireless router manufactured by China's Gion Electronics TOTOLINK, whose main function is to provide wireless network connectivity for home or small office environments. The TOTOLINK A3002R suffers from an OS command injection vulnerability, which stems from a command...

CVSS 9.8, AI score 8.2, EPSS 0.08652
Exploits: 1, References: 1