7632 matches found
CVE-2025-29310
An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers to execute arbitrary commands or access network information...
CVE-2025-29310
An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers to execute arbitrary commands or access network information...
PT-2025-12707 · Onos · Onos
Name of the Vulnerable Software and Affected Versions: onos version 2.7.0 Description: The issue allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet, enabling them to execute arbitrary commands or access network information. Recommendations: For onos...
CVE-2024-8156
A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input github.head.ref is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version...
CVE-2024-6825
CVE-2024-6825 affects litellm 1.40.12. The vulnerability lies in how the post_call_rules configuration is parsed: a callback can be set to a system method (for example os.system), with the final part treated as the function name and the rest imported as a Python module, enabling arbitrary command...
CVE-2025-25220
Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in +F FS010M versions prior to V2.0.11101. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker...
Vanna SQL注入漏洞
Vanna is a personalized AI SQL agent from Vanna. A SQL injection vulnerability exists in Vanna version v0.6.2. An attacker can execute arbitrary SQL commands by exploiting this vulnerability...
PT-2025-12165 · Unknown · Berriai/Litellm
Name of the Vulnerable Software and Affected Versions: BerriAI/litellm version 1.40.12 Description: The issue exists in the handling of the post call rules configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the...
CVE-2024-56346
IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls...
CVE-2025-24306
CVE-2025-24306 affects FUJISOFT +F FS010M. The vulnerability is OS command injection caused by improper neutralization of special elements in OS commands, impacting FS010M versions prior to V2.0.0_1101. A remote authenticated attacker with administrative privileges could execute arbitrary OS comm...
The vulnerability of the FortiClient for MAC installer allows a perpetrator to execute arbitrary commands.
The vulnerability of the FortiClient for MAC installer is related to improper external management of the file name or path to the /tmp directory. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
The vulnerability of the command-line interface of SiPass IP access controllers allows attackers to execute arbitrary commands and gain unauthorized access to protected information.
The vulnerability of the command-line interface of SiPass IP access controllers is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary commands and gain unauthorized access to protected information...
Important: emacs
Issue Overview: A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. CVE-2025-1244 Affected Packages: emacs Issue...
CVE-2025-30076
Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter...
CVE-2024-13871
A command injection vulnerability exists in the /checkimageandtriggerrecovery API endpoint of Bitdefender Box 1 firmware version 1.3.11.490. This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to full remote code executio...
Tenda AC15 Command Injection Vulnerability
The Tenda AC15 is a wireless router from the Chinese company Tenda. A command injection vulnerability exists in Tenda AC15 version 15.03.05.19, which originates from an application that fails to properly filter constructed command special characters, commands, etc. The vulnerability can be...
Apache Camel Arbitrary Command Execution Vulnerability (CNVD-2025-05168)
Apache Camel is the United States Apache Apache Foundation of a set of open source based on Enterprise Integration Pattern Enterprise Integration Pattern , referred to as EIP integration framework. The framework provides Enterprise Integration Pattern Java objects POJO implementation , and throug...
Tenda AC7 Command Injection Vulnerability (CNVD-2025-05230)
Tenda AC7 is a wireless router from Tenda, a Chinese company. A command injection vulnerability exists in Tenda AC7 version 15.03.06.44. The vulnerability stems from the TendaTelnet function in the /goform/telnet file failing to properly filter constructor command special characters, commands, et...
The vulnerability of the CLI component of Fortinet’s FortiAP-S, FortiAP-W2, and FortiAP software solutions allows attackers to execute arbitrary commands.
The vulnerability of the CLI component of Fortinet’s FortiAP-S/W2 and FortiAP products exists due to the failure to take measures to neutralize the special elements used in the operating system commands. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...
CVE-2025-20138
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...