7632 matches found
CVE-2025-25527
Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 10.34b12 due to the lack of length verification, which is related to the configuration of source address NAT rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary...
CVE-2025-22992
A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project = 11.6.9. The vulnerability is caused by improper handling of user-supplied input in the data query parameter, allowing attackers to execute arbitrary SQL commands under specific conditions...
CVE-2025-25039
A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager CPPM allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on...
CVE-2021-4039
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device...
CVE-2021-26605
An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication...
CVE-2025-20055
OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may execute an arbitrary OS command...
CVE-2025-20617
Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in UD-LT2 firmware Ver.1.00.008SE and earlier. If an attacker logs in to the affected product with an administrative account and manipulates requests for a certain screen operation, an arbitrary ...
CVE-2025-22609
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to attach any existing private key on a coolify instance to his own server. If the server configuration of I...
CVE-2022-43867
IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437...
CVE-2022-30298
An improper privilege management vulnerability CWE-269 in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files via another, unrelated and hypothetical exploit to execute arbitrary Python commands as root...
CVE-2025-23093
The issue (CVE-2025-23093) affects Mitel OpenScape 4000 and OpenScape 4000 Manager. The root cause is the platform’s execution of a resource with unnecessary privileges, allowing an authenticated attacker to escalate privileges and execute arbitrary commands with elevated rights. Affected version...
The vulnerability of the application software interface of the Cisco Identity Services Engine (ISE) management platform, related to deficiencies in the data deserialization mechanism, allows a perpetrator to execute arbitrary commands.
The vulnerability of the application programming interface of the Cisco Identity Services Engine ISE management platform relates to deficiencies in the data deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending a specially craft...
The vulnerability of the application programming interface of the Trellix Enterprise Security Manager (ESM) system, which allows a perpetrator to execute arbitrary commands.
The vulnerability of the application programming interface of the Trellix Enterprise Security Manager ESM system for monitoring, analyzing, and managing security threats is related to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploitin...
CVE-2022-41017
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...
CVE-2022-41008
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...
CVE-2022-41002
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...
CVE-2022-41019
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...
CVE-2022-41030
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...
CVE-2022-41003
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...
CVE-2022-41007
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...