
7629 matches found

Vulnrichment
added 2025/08/04 2:0 p.m., 2 views

CVE-2025-36604

Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution...

CVSS 7.3 | AI score 7.2 | EPSS 0.61665
Exploits: 1 | References: 1

CVE
added 2025/08/04 2:0 p.m., 27 views

CVE-2025-36604

Summary (CVE-2025-36604) Dell UnityVSA prior to 5.5.1 is affected by an unauthenticated remote OS command injection vulnerability. The Nuclei template and associated notes describe a pre-auth command execution path affecting Dell UnityVSA

CVSS 9.8 | AI score 7.8 | EPSS 0.61665
In wild | Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2025/08/04 2:0 p.m., 8 views

CVE-2025-36604

Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution...

CVSS 7.3 | EPSS 0.61665
Exploits: 1 | References: 1

RedhatCVE
added 2025/08/04 9:33 a.m., 12 views

CVE-2025-54133

Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP (Model Context Protocol) deeplink handler, allowing attackers to execute 2-click arbitrary system commands through social engineering attacks. When...

CVSS 9.6 | AI score 7.6 | EPSS 0.00315
Exploits: 0 | References: 1

RedhatCVE
added 2025/08/04 9:33 a.m., 17 views

CVE-2025-54131

Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick or $cmd. If a user has swapped Cursor from its default settings requiring approval for every terminal call to an allowlist, an attacker can execute...

CVSS 8.8 | AI score 8.3 | EPSS 0.00453
Exploits: 0 | References: 1

RedhatCVE
added 2025/08/04 9:32 a.m., 4 views

CVE-2013-10059

An authenticated OS command injection vulnerability exists in various D-Link routers tested on DIR-615H1 running firmware version 8.04 via the toolsvct.htm endpoint. The web interface fails to sanitize input passed from the pingipaddr parameter to the toolsvct.htm diagnostic interface, allowing...

CVSS 8.6 | AI score 8.4 | EPSS 0.1911
Exploits: 1 | References: 1

CNNVD
added 2025/08/04 12:0 a.m., 2 views

Dell PowerProtect Data Domain operating system command injection vulnerability

Dell PowerProtect Data Domain (Dell PowerProtect DD) is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. A security vulnerability exists in Dell PowerProtect Data Domain, which can be exploited by an attacker to cause arbitrary commands to be...

CVSS 6.7 | AI score 6.8 | EPSS 0.0045
Exploits: 0 | References: 1

CNNVD
added 2025/08/04 12:0 a.m., 2 views

Dell Unity operating system command injection vulnerability

Dell Unity is a set of virtual Unity storage environments from Dell USA. An operating system command injection vulnerability exists in Dell Unity 5.5 and prior versions, which stems from the svcnfssupport utility failing to properly filter special characters, commands, etc. used in constructing commands. An...

CVSS 7.8 | AI score 7.4 | EPSS 0.00476
Exploits: 0 | References: 1

CNNVD
added 2025/08/04 12:0 a.m., 3 views

Dell PowerProtect Data Domain operating system command injection vulnerability

Dell PowerProtect Data Domain (Dell PowerProtect DD) is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. A security vulnerability exists in Dell PowerProtect Data Domain, which can be exploited by an attacker to cause arbitrary commands to be...

CVSS 7.8 | AI score 6.8 | EPSS 0.00443
Exploits: 0 | References: 1

Positive Technologies
added 2025/08/04 12:0 a.m., 3 views

PT-2025-31809

Name of the Vulnerable Software and Affected Versions Dell Unity versions prior to 5.5.1 Dell UnityVSA versions prior to 5.5.1 Description Dell Unity and UnityVSA contain an Improper Neutralization of Special Elements used in an OS Command vulnerability, also known as OS Command Injection. An...

CVSS 9.8 | AI score 6.5 | EPSS 0.61665
Exploits: 1 | References: 26

BDU FSTEC
added 2025/08/04 12:0 a.m., 4 views

The vulnerability of the WeGIA web manager for charitable organizations, which arises due to the failure to take measures to neutralize special elements, allows a violator to execute arbitrary commands.

The vulnerability of the WeGIA web manager exists due to the lack of measures taken to neutralize special elements during the processing of the branch parameter. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with user privileges of the web server www-data...

CVSS 10 | AI score 5.8 | EPSS 0.04884
Exploits: 1 | References: 4 | Affected Software: 1

BDU FSTEC
added 2025/08/04 12:0 a.m., 4 views

The vulnerability in the proxy_client.asp script of the D-Link DI-7300G+ router’s software allows a hacker to execute arbitrary commands.

The vulnerability in the proxyclient.asp script of the D-Link DI-7300G+ router firmware stems from the lack of measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...

CVSS 6.5 | AI score 6.9 | EPSS 0.08981
Exploits: 0 | References: 6 | Affected Software: 1

RedhatCVE
added 2025/08/03 2:14 p.m., 7 views

CVE-2025-52361

Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands with root privilege via editing this script which is executed with root-privileges on any interaction...

CVSS 7.8 | AI score 7.2 | EPSS 0.00199
Exploits: 1 | References: 1

RedhatCVE
added 2025/08/02 8:22 p.m., 3 views

CVE-2013-10039

A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ipcheckhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deploymen...

CVSS 8.7 | AI score 7.8 | EPSS 0.03352
Exploits: 0 | References: 1

NVD
added 2025/08/02 12:15 a.m., 5 views

CVE-2025-54133

Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP (Model Context Protocol) deeplink handler, allowing attackers to execute 2-click arbitrary system commands through social engineering attacks. When...

CVSS 9.6 | EPSS 0.00315
Exploits: 0 | References: 1

CNNVD
added 2025/08/02 12:0 a.m., 3 views

Cursor operating system command injection vulnerability

Cursor is an AI code editor from Cursor open source. An operating system command injection vulnerability exists in Cursor versions 1.17 through 1.2, which stems from an information disclosure in the MCP deep link handler that could lead to arbitrary system command execution...

CVSS 9.6 | AI score 7.4 | EPSS 0.00315
Exploits: 0 | References: 3

Vulnrichment
added 2025/08/01 11:7 p.m., 4 views

CVE-2025-54133 Cursor's MCP Install Deeplink Does Not Show Arguments in its User-Dialog

Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information disclosure vulnerability in Cursor's MCP (Model Context Protocol) deeplink handler, allowing attackers to execute 2-click arbitrary system commands through social engineering attacks. When...

CVSS 5.3 | AI score 6.9 | EPSS 0.00315
Exploits: 0 | References: 1

Vulnrichment
added 2025/08/01 11:5 p.m., 5 views

CVE-2025-54131 Cursor bypasses its allow list to execute arbitrary commands

Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick or $cmd. If a user has swapped Cursor from its default settings requiring approval for every terminal call to an allowlist, an attacker can execute...

CVSS 6.4 | AI score 8.2 | EPSS 0.00453
Exploits: 0 | References: 1

Cvelist
added 2025/08/01 11:4 p.m., 8 views

CVE-2025-54424 1Panel Agent Bypasses Certificate Verification Leading to Arbitrary Command Execution

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate...

CVSS 8.1 | EPSS 0.00864
Exploits: 5 | References: 3

OSV
added 2025/08/01 6:10 p.m., 5 views

GHSA-8J63-96WH-WH3J 1Panel agent certificate verification bypass leading to arbitrary command execution

Project Address: Project Address 1Panel Official website: https://www.1panel.cn/ Time: 2025 07 26 Version: 1panel V2.0.5 Vulnerability Summary - First, we introduce the concepts of 1panel v2 Core and Agent. After the new version is released, 1panel adds the node management function, which allows...

CVSS 8.1 | AI score 6.2 | EPSS 0.00864
Exploits: 5 | References: 6