460 matches found

Vulnrichment
added 2025/11/19 4:23 p.m., 2 views

CVE-2025-34334 AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via TestFax.php & LPE

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodesfiles/TestFax.php. When a fax "send" test is requested, the application builds a faxsender comman...

CVSS 8.7 | AI score 7 | EPSS 0.03119
Exploits: 2 | References: 4
CVE
added 2025/11/18 7:23 p.m., 12 views

CVE-2025-37162

CVE-2025-37162 describes an authenticated command injection vulnerability in the command line interface of affected devices. Successful exploitation could allow execution of arbitrary OS commands by an attacker with valid credentials and network access; impact is system compromise of the underlyi...

CVSS 8.8 | AI score 7.6 | EPSS 0.00806
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2025/11/18 7:06 p.m., 17 views

CVE-2025-37163

CVE-2025-37163 describes an authenticated command-injection vulnerability in the HPE Aruba Networking Airwave Platform CLI. An authenticated attacker could run arbitrary OS commands with elevated privileges on the underlying system. Affected component: AirWave CLI; impact is privilege escalation ...

CVSS 7.2 | AI score 7.7 | EPSS 0.00897
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2025/11/18 6:51 p.m., 9 views

CVE-2025-37158

CVE-2025-37158 describes a command injection vulnerability in the AOS-CX Operating System. The public records indicate an authenticated remote attacker could achieve Remote Code Execution (RCE) on the affected system. The available documents do not provide concrete details on affected versions, ...

CVSS 8.8 | AI score 7.5 | EPSS 0.00597
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/11/18 6:51 p.m., 9 views

CVE-2025-37158 Authenticated Command Injection allows Unauthorized Command Execution in AOS-CX

A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system...

CVSS 6.7 | EPSS 0.00597
Exploits: 0 | References: 1
Cvelist
added 2025/11/18 6:48 p.m., 9 views

CVE-2025-37157 Authenticated Command Injection allows Unauthorized Command Execution in AOS-CX

A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system...

CVSS 6.7 | EPSS 0.00597
Exploits: 0 | References: 1
OSV
added 2025/11/18 5:16 p.m., 2 views

CVE-2025-61713

A Cleartext Storage of Sensitive Information in Memory vulnerability (CWE-316) in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated...

CVSS 4.4 | AI score 5.8 | EPSS 0.00099
Exploits: 0 | References: 1
Cvelist
added 2025/11/17 5:48 p.m., 8 views

CVE-2025-34322 Nagios Log Server < 2026R1.0.1 Authenticated Command Injection via Natural Language Queries

Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature. When this feature is configured, certain user-controlled settings—including model selection and connection parameters—are read from the...

CVSS 8.6 | EPSS 0.046
Exploits: 0 | References: 4
Vulnrichment
added 2025/11/17 5:48 p.m., 4 views

CVE-2025-34322 Nagios Log Server < 2026R1.0.1 Authenticated Command Injection via Natural Language Queries

Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature. When this feature is configured, certain user-controlled settings—including model selection and connection parameters—are read from the...

CVSS 8.6 | AI score 7.1 | EPSS 0.046
Exploits: 0 | References: 4
Packet Storm
added 2025/11/13 12:00 a.m., 159 views

Ilevia EVE X1/X5 Server 4.7.18.0.eden Authenticated Remote Command Injection

Ilevia EVE X1/X5 Server version 4.7.18.0.eden suffers from multiple authenticated OS command injection vulnerabilities. This can be exploited to inject and execute arbitrary shell commands through multiple scripts affecting multiple parameters. Ilevia EVE X1/X5 Server 4.7.18.0.eden Authenticated...

CVSS 8.8 | AI score 8.3 | EPSS 0.02071
Exploits: 3
RedhatCVE
added 2025/11/12 2:03 p.m., 15 views

CVE-2025-9223

Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to an authenticated command injection due to improper configuration in the execute program action feature...

CVSS 8.8 | AI score 7.6 | EPSS 0.03851
Exploits: 0 | References: 1
CVE
added 2025/11/11 1:13 p.m., 7 views

CVE-2025-9223

ZOHO ManageEngine Applications Manager, affected through CVE-2025-9223, versions 178100 and below, is vulnerable to an authenticated command injection due to misconfiguration in the Execute Program/execute program action feature. The vulnerability allows total command execution with HIGH impact (...

CVSS 8.8 | AI score 7.2 | EPSS 0.03851
Exploits: 0 | References: 1
Cvelist
added 2025/11/11 1:13 p.m., 5 views

CVE-2025-9223 Command Injection

Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to an authenticated command injection due to improper configuration in the execute program action feature...

CVSS 8.8 | EPSS 0.03851
Exploits: 0 | References: 1
GithubExploit
added 2025/11/07 5:40 a.m., 138 views

Exploit for CVE-2025-61299

CVE-2025-61299P...

AI score 7.4
Exploits: 1
Positive Technologies
added 2025/10/31 12:00 a.m., 1 views

PT-2025-44665

Name of the Vulnerable Software and Affected Versions: ELOG (affected versions not specified). Description: ELOG allows an authenticated user to modify or overwrite the configuration file, potentially leading to a denial of service. If the execute facility is enabled using the '-x' command line flag,...

CVSS 9.3 | AI score 6.9 | EPSS 0.00262
Exploits: 0 | References: 12
Cvelist
added 2025/10/30 9:30 p.m., 3 views

CVE-2025-34284 Nagios XI < 2024R2 Authenticated Command Injection via WinRM Plugin

Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful exploitatio...

CVSS 9.4 | EPSS 0.03833
Exploits: 0 | References: 3
NCSC
added 2025/10/23 7:18 a.m., 8 views

Vulnerabilities fixed in Zohocorp's ManageEngine

Zohocorp has fixed vulnerabilities in ManageEngine, specifically for ADManager Plus, EndPoint Central and Analytics Plus. The vulnerabilities include an authenticated command injection in ADManager Plus, XML injections in EndPoint Central, and an authenticated SQL injection in Analytics Plus. Thes...

CVSS 8.8 | AI score 8.2 | EPSS 0.25403
Exploits: 0 | References: 3
RedhatCVE
added 2025/10/22 2:11 p.m., 4 views

CVE-2025-10020

Zohocorp ManageEngine ADManager Plus versions before 8024 are vulnerable to an authenticated command injection in the Custom Script component...

CVSS 8.8 | AI score 7.7 | EPSS 0.04721
Exploits: 0 | References: 1
EUVD
added 2025/10/21 3:30 p.m., 4 views

EUVD-2025-35166

Zohocorp ManageEngine ADManager Plus versions before 8024 are vulnerable to an authenticated command injection in the Custom Script component...

CVSS 9.9 | AI score 7.1 | EPSS 0.04721
Exploits: 0 | References: 2
OSV
added 2025/10/21 1:15 p.m., 3 views

CVE-2025-10020

Zohocorp ManageEngine ADManager Plus versions before 8024 are vulnerable to an authenticated command injection in the Custom Script component...

CVSS 8.8 | AI score 5.8 | EPSS 0.04721
Exploits: 0 | References: 1