7631 matches found
CVE-2025-43879
CVE-2025-43879 concerns Elecom WRH-733GBK and WRH-733GWH, where the telnet function sustains an OS command injection allowing a remote unauthenticated attacker to execute arbitrary OS commands. Several connected sources corroborate OS command injection in the telnet component for these models, wi...
CVE-2025-34041
An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response EDR management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interfac...
CVE-2025-34036
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When th...
CVE-2025-34036 Shenzhen TVT CCTV-DVR Command Injection
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When th...
CVE-2025-34033 5VTechnologies Blue Angel Software Suite OS Command Injection
An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded Linux devices via the pingaddr parameter in the webctrl.cgi script. The application fails to properly sanitize input before passing it to the system-level ping command. An authenticated attacker can...
Elecom multiple products OS command injection vulnerability
Elecom WRC-X3000GS and others are routers from Elecom Japan. An operating system command injection vulnerability exists in the Elecom WRC-X3000GS, Elecom WRC-X3000GSA, and Elecom WRC-X3000GSN, which stems from a Connection Diagnostics page command injection leading to arbitrary OS command...
CVE-2023-47297
A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations...
CVE-2025-34024
An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacter...
The vulnerability of the SIGLENT SDS1000X-E oscilloscope is related to deficiencies in access control, allowing an intruder to execute arbitrary commands and trigger a service failure.
The vulnerability of the SIGLENT SDS1000X-E oscilloscope is related to deficiencies in access control. Exploiting this vulnerability could allow an intruder to execute arbitrary commands and cause service failures...
CVE-2023-47297
CVE-2023-47297: A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 permits an attacker to execute arbitrary commands, including editing system security auditing configurations. CVSS v3.1 base score 9.8 (Network, Low complexity, No user interaction, Privileges=None; Impact: Confi...
NCR Atleos Terminal Handler security vulnerability
NCR Atleos Terminal Handler is an ATM enterprise software solution from NCR Atleos that reduces costs, improves business agility and increases your competitive advantage. A security vulnerability exists in NCR Atleos Terminal Handler version 1.5.1, which stems from insufficient validation of text...
NCR Atleos Terminal Handler security vulnerability
NCR Atleos Terminal Handler is an ATM enterprise software solution from NCR Atleos that reduces costs, improves business agility and increases your competitive advantage. A security vulnerability exists in NCR Atleos Terminal Handler version 1.5.1, which stems from an improperly configured system...
GHSA-GPFC-MPH4-QM24 Velociraptor vulnerable to privilege escalation via UpdateConfig artifact
Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifacts, Velociraptor allows for those to require high permissions like EXECVE to launch...
Velociraptor vulnerable to privilege escalation via UpdateConfig artifact
Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifacts, Velociraptor allows for those to require high permissions like EXECVE to launch...
CVE-2025-6264
Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifacts, Velociraptor allows for those to require high permissions like EXECVE to launch...
The vulnerability of the plugin “Export to Excel. Exporting product catalogs for 1C-Bitrix. Creating price lists” allows a perpetrator to execute arbitrary commands.
The vulnerability of the plugin “Export to Excel. Exporting product catalogs for 1C-Bitrix. Creating price lists” is related to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute...
Velociraptor security vulnerability
Velociraptor is a Velocidex open source tool for collecting host-based state information using Velociraptor Query Language VQL queries. A security vulnerability exists in Velociraptor that stems from the failure of the Admin.Client.UpdateClientConfig artifact to enforce additional privileges, whi...