7630 matches found
CVE-2025-36529
An OS command injection issue exists in multiple versions of TB-eye network recorders and AHD recorders. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who is logged in to the device...
CVE-2025-36529
CVE-2025-36529 affects TB-eye network recorders and TB-eye AHD recorders. The issue is an OS command injection (CWE-78) that can allow an authenticated attacker to execute arbitrary OS commands on the device. Public details indicate multiple TB-eye products are affected; the exact affected versio...
TOTOLINK CA300-PoE wps.so file command injection vulnerability
TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK CA300-PoE wps.so file; it arises because the PIN parameter of wps.so is not correctly filtered for special characters used to construct commands,...
TOTOLINK CA300-PoE upgrade.so file command injection vulnerability
TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK CA300-PoE upgrade.so file; it arises because the FileName parameter of upgrade.so is not correctly filtered for special characters used to construct commands...
TOTOLINK CA300-PoE ap.so file command injection vulnerability
TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK CA300-PoE ap.so file; it arises because the hour/minute parameter of ap.so is not correctly filtered for special characters used to construct commands...
Roo Code command injection vulnerability
Roo Code is an AI-based autonomous coding agent from Roo Code. A command injection vulnerability exists in Roo Code versions prior to 3.20.3, which stems from a .roo/mcp.json file configuration that allows the execution of arbitrary commands, which could lead to arbitrary command execution...
TB-eye multiple products OS command injection vulnerability
TB-eye Network recorders and TB-eye AHD recorders are both products of the Japanese company TB-eye. TB-eye Network recorders are a line of network recorders. TB-eye AHD recorders are a line of video recorders. An operating system command injection vulnerability exists in several TB-eye products,...
PT-2025-27049 · Unknown · Ahd Recorders +1
Name of the Vulnerable Software and Affected Versions: TB-eye network recorders (affected versions not specified); AHD recorders (affected versions not specified). Description: An OS command injection issue exists in the mentioned devices. If this issue is exploited, an...
PT-2025-27260 · Robocode · Robocode
Name of the Vulnerable Software and Affected Versions: Roo Code versions prior to 3.20.3. Description: The issue concerns the execution of arbitrary commands through the MCP configuration file. An attacker with access to the system could craft a prompt to write a malicious command to the MCP...
Arbitrary Command Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Command Injection via the Command Execution process. An attacker can execute arbitrary commands with the privileges of the server process by leveraging allowed shell commands that can spawn additional commands. This is only...
Hunt Electronic HBF-09KD OS command injection vulnerability
The Hunt Electronic HBF-09KD is a hard disk recorder from Hunt Electronic, Inc. The Hunt Electronic HBF-09KD suffers from an operating system command injection vulnerability that stems from OS command injection, which could lead to the execution of arbitrary OS commands...
CVE-2025-30131
An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam...
The vulnerability in the firmware of Edimax EW-7438RPn Mini wireless signal amplifiers is related to insufficient verification of input data. This allows attackers to escalate their privileges and execute arbitrary commands.
The vulnerability in the firmware of Edimax EW-7438RPn Mini wireless signal amplifiers is related to insufficient checking of input data during the processing of the final command /goform/mp. Exploiting this vulnerability can allow a remote attacker to escalate their privileges an...
CVE-2023-47297
A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations...
TOTOLINK CA300-PoE command injection vulnerability
TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK CA300-PoE upgrade.so file; it arises because the FileName parameter of upgrade.so is not correctly filtered for special characters used to construct commands...
CVE-2025-43879
WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in the telnet function. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be execut...
CVE-2025-48890
WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in the miniigd SOAP service. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be...
CVE-2025-43879
CVE-2025-43879 concerns Elecom WRH-733GBK and WRH-733GWH, where the telnet function is affected by an OS command injection vulnerability that allows a remote unauthenticated attacker to execute arbitrary OS commands. Several connected sources corroborate OS command injection in the telnet component for these models, wi...