7632 matches found
CVE-2025-25675
Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerability located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmdbuf variable, which is directly used in the doSystemCmd function, causing an arbitrary...
CVE-2025-26856
Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in UD-LT2 firmware Ver.1.00.008SE and earlier. If an attacker logs in to the affected product with an administrative account and manipulates requests for a certain screen operation, an arbitrary ...
CVE-2025-26856
CVE-2025-26856 affects I-O Data UD-LT2 firmware (Ver. 1.00.008_SE and earlier). The issue is OS Command Injection caused by improper neutralization of a special element during a specific screen operation, allowing an administrator to trigger arbitrary OS commands after authenticating with admin c...
CVE-2021-46686
Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in acmailer CGI ver.4.0.3 and earlier and acmailer DB ver.1.1.5 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker...
CVE-2025-25675
Summary: CVE-2025-25675 affects Tenda AC10 (V1.0, V15.03.06.23). The vulnerability is a command injection in the formexeCommand function. The code flow: the POST parameter cmdinput is assigned to str, then to cmd_buf, which is directly used by doSystemCmd, enabling arbitrary command execution. Mu...
CVE-2024-45084 IBM Cognos Controller CSV injection
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection. An attacker could execute arbitrary commands on the system, caused by improper validation of file contents...
TOTOLINK X18 Command Injection Vulnerability
TOTOLINK X18 is a Gigabit router from China's Gion Electronics TOTOLINK. TOTOLINK X18 version 9.1.0cu.2024B20220329 suffers from a command injection vulnerability that stems from a failure to correctly filter special characters in commands constructed from the enable parameter in the file /cgi-bin/cstecgi.cgi,...
CVE-2025-25894
An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the sambawg and sambanbn parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet...
CVE-2025-25893
An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocol parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet...
ChurchCRM Security Vulnerability
ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. A security vulnerability exists in ChurchCRM version 5.13.0 and prior versions that stems from the newCountName parameter being directly concatenated into a SQL query without proper sanitization. An attacker exploiting this...
NETGEAR FVS336G Command Injection Vulnerability
The NETGEAR FVS336G is a VPN (Virtual Private Network) firewall router from NETGEAR. The NETGEAR FVS336G suffers from a command injection vulnerability. The vulnerability stems from the application failing to properly filter special characters, commands, and so on in constructed commands. An attacker...
D-Link DSL-3782 Security Vulnerability
The D-Link DSL-3782 is a wireless router from D-Link, a company based in Taiwan, China. The D-Link DSL-3782 suffers from an OS command injection vulnerability that originates in the sambawg and sambanbn parameters, which can be exploited by an attacker to execute arbitrary commands...
CVE-2025-25893
The CVE-2025-25893 entry describes an OS command injection in D-Link DSL-3782 v1.01, triggered via crafted packets that manipulate inIP, insPort, inePort, exsPort, exePort, and protocol parameters. The impact is arbitrary OS command execution with high severity (CVSS v3.1: AV:A/AC:L/PR:L/UI:N/S:U...
CVE-2021-46686
CVE-2021-46686 affects acmailer CGI (versions ≤ 4.0.3) and acmailer DB (versions ≤ 1.1.5). The issue is an OS command injection (CWE-78) due to improper neutralization of special elements in OS command handling, allowing an attacker to execute arbitrary commands on the affected system. Affected p...
Fortinet FortiWeb OS Command Injection Vulnerability (CNVD-2025-03519)
Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fita Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content...